Researchers have found a critical remote code execution vulnerability in Apache Struts REST Plugin. Clients using Apache Struts versions 2.1.2 to 2.3.33, or 2.5 to 2.5.12 are highly encouraged to patch immediately.

Recommended Action

eSentire highly recommends upgrading to either Struts 2.3.34 or Struts 2.5.13 to mitigate this threat.

Additional Information

This vulnerability is addressed by ensuring your Struts version has been updated to version 2.3.34 or 2.5.13.

Public exploits have been reported, therefore patching vulnerable systems should be treated as priority. Apache has released a security bulletin with further details on this vulnerability, as well as solutions and workarounds. Read the full bulletin here:

S2-052 - Apache Struts 2 Documentation - Apache Software Foundation

eSentire Media Contacts

Mandy Bachus | eSentire | [email protected] | +1 519.651.2200 x5226 | @MandyBachus

Angela Tuzzo | MRB Public Relations | [email protected] | +1 732.758.1100 x105 | @MRB_PR

Ready to start the conversation about cybersecurity?
Talk to us today.
Let's Talk