US-CERT has released a security update regarding a vulnerability in Apache Struts versions 2.5 to 2.5.14. The Apache Software Foundation released Apache Security Bulletins S2-054 and S2-055, which respectively address CVE-2017-15707 and CVE-2017-7525.
The vulnerabilities could allow a remote, unauthenticated attacker to perform a denial-of-service (DOS) by submitting malicious JSON data. The vulnerable systems use an outdated JSON-lib library with the Struts REST plugin.
US-CERT encourages users and administrators to upgrade to Struts 22.214.171.124