
List:       struts-announce
Subject:    [ANN] Two security vulnerabilities reported
From:       Lukasz Lenart <lukaszlenart () apache ! org>
Date:       2016-06-01 10:25:25
Message-ID: CAMopvkOX0qosY3gtHz+pCo=o+Ap86udmFBdUYfZKBkAJFtiJQA () mail ! gmail ! com

Two potential security vulnerabilities were reported which were
already addressed in the latest Apache Struts 2 versions. Those
reports just added other vectors of attack.
http://struts.apache.org/announce.html#a20160601

- S2-033 Remote Code Execution can be performed when using the REST Plugin
with the ! operator when Dynamic Method Invocation is enabled -
http://struts.apache.org/docs/s2-033.html

- S2-034 OGNL cache poisoning can lead to a DoS vulnerability -
http://struts.apache.org/docs/s2-034.html

Please read the Security Bulletins carefully and take the suggested
actions. The simplest way to avoid those vulnerabilities in your
application is to upgrade Apache Struts to the latest available
version in the 2.3.x series or to Apache Struts 2.5.

You can download those versions from our download page.
http://struts.apache.org/download.html#struts-ga


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
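Added editor's example, not part of the announcement above: upgrading is the fix the announcement asks for, but while an upgrade is being scheduled, the S2-033 bulletin's workaround is to turn off Dynamic Method Invocation where the application does not rely on the ! method-call syntax. The struts.xml fragment below shows that hardening setting beside the REST plugin's own action mapping; struts.enable.DynamicMethodInvocation is a real Struts constant, while the package and action names are placeholders assumed for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
    "http://struts.apache.org/dtds/struts-2.3.dtd">
<struts>
    <!-- Hardening for S2-033: disable Dynamic Method Invocation so that
         "action!method" URLs are no longer interpreted. In 2.3.x this
         constant defaults to true; 2.5 defaults it to false. -->
    <constant name="struts.enable.DynamicMethodInvocation" value="false" />

    <!-- The REST plugin remains usable; actions are still dispatched by
         HTTP verb and URL, not by the ! operator. Placeholder package,
         namespace and action name below are assumed for this example. -->
    <package name="example-rest" extends="rest-default" namespace="/api">
        <action name="orders" class="com.example.rest.OrdersController" />
    </package>
</struts>
```

Because the change is a single constant, it can be reviewed in version control and confirmed in the deployed artifact by checking that no other struts.xml or struts.properties file in the WAR re-enables the setting; a later value overrides an earlier one, so the check has to cover every configuration source that Struts loads.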