Skip to main content

Apache Releases Security Update for Apache Struts 2

The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts 2. A remote attacker could exploit this vulnerability to execute arbitrary code on an affected system.
Threat ID:
CC-2630
Category:
Threat Severity:
Medium
Threat Vector:
Published:
23 August 2018 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts 2. A remote attacker could exploit this vulnerability to execute arbitrary code on an affected system.

Affected platforms

The following platforms are known to be affected:

Apache Struts

  • Apache Struts - Versions 2.3 to 2.3.34 and 2.5 to 2.5.16

Threat details

Remediation steps

Type Step
Users and administrators are encouraged to review the Apache Security Bulletin S2-057 and apply the necessary updates.

Last edited: 17 February 2020 12:37 pm