Apache Software Foundation Releases Security Update

The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.

Threat ID:: CC-1625
Category:
Threat Severity:: Low
Threat Vector:
Published:: 6 September 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.

Affected platforms

The following platforms are known to be affected:

Apache Struts

Struts 2.1.2 - Struts 2.3.33
Struts 2.5 - Struts 2.5.12

Threat details

Remediation steps

Type	Step
	Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.5.13.

Last edited: 17 February 2020 11:26 am