US-CERT Releases Apache Struts Patch

US-CERT has released a security update regarding a vulnerability in Apache Struts versions 2.5 to 2.5.14. The Apache Software Foundation released Apache Security Bulletins S2-054 and S2-055, which respectively address CVE-2017-15707 and CVE-2017-7525.

The vulnerabilities could allow a remote, unauthenticated attacker to perform a denial-of-service (DOS) by submitting malicious JSON data. The vulnerable systems use an outdated JSON-lib library with the Struts REST plugin.

US-CERT encourages users and administrators to upgrade to Struts 2.5.14.1

https://www.us-cert.gov/ncas/current-activity/2017/12/04/Apache-Software-Foundation-Releases-Security-Updates
https://cwiki.apache.org/confluence/display/WW/S2-054
https://cwiki.apache.org/confluence/display/WW/S2-055
http://struts.apache.org/plugins/rest/

Other Articles

A Corporate Guide to Surviving Cyberwarfare Through Cyber Resiliency

Cyberattacks Take Further Advantage of Supply Chain Vulnerabilities

The Null Session

Search

Social

linkedin
twitter
facebook
flickr
instagram
mail

Twitter Posts

Dr. John D. Johnson Follow

Champion of Science. Invoker of Logic. Promoter of Reason. Educator. Speaker. Volunteer. Community Builder. Cybersecurity/CXO/Founder.

Dr. John D. Johnson @johndjohnson ·

17 Apr

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack --
A critical vulnerability was announced impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys.

Reply on Twitter 1780713862851121501 Retweet on Twitter 1780713862851121501 Like on Twitter 1780713862851121501 Twitter 1780713862851121501

Dr. John D. Johnson @johndjohnson ·

17 Apr

I’m excited to be in the west Chicago suburbs hosting another high school cyber security career day! We have 60 students, teachers and professionals volunteering to make this a great day!

Reply on Twitter 1780613160703066210 Retweet on Twitter 1780613160703066210 Like on Twitter 1780613160703066210 2 Twitter 1780613160703066210

Dr. John D. Johnson @johndjohnson ·

15 Apr

Space Force Releases the Much Anticipated Inaugural U.S. Commercial Space Strategy

Reply on Twitter 1779889940798582990 Retweet on Twitter 1779889940798582990 Like on Twitter 1779889940798582990 Twitter 1779889940798582990

Dr. John D. Johnson @johndjohnson ·

15 Apr

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

Reply on Twitter 1779866533247803494 Retweet on Twitter 1779866533247803494 Like on Twitter 1779866533247803494 Twitter 1779866533247803494

US-CERT Releases Apache Struts Patch

Share this:

The Null Session

Search

Social

Twitter Posts

Archives

RSS feed

Recent Comments