[SingCERT] Apache Struts2 Vulnerability Exploited in the Wild

Published on Wednesday, 04 September 2013 15:28

[ Summary ]

SingCERT has been notified that a recently disclosed Apache Struts2 vulnerability (CVE-2013-2251) is being exploited actively.

Apache Struts 2 is an extensible framework for creating enterprise-ready Java web applications. The framework is used to develop, deploy and maintain Java web applications.

A recent update for Apache Struts2 resolved several critical vulnerabilities in the framework application. Websites that use Apache Struts2 in their web applications are advised to update their software to the latest version immediately.

 

[ References ]

http://struts.apache.org/development/2.x/docs/s2-016.html
http://struts.apache.org/development/2.x/docs/security-bulletins.html
http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/Apache-Struts.html