Apache Struts Remote Code Execution Vulnerability S2-062 (CVE-2021-31805) Alert
April 14, 2022
Overview
On April 13, 2022, NSFOCUS CERT detected that Apache Struts had issued a security notice and fixed a remote code execution vulnerability, S2-062 (CVE-2021-31805). This vulnerability results from an incomplete fix for S2-061. When developers use the %{…} syntax to force OGNL evaluation, some special tag attributes can still be evaluated twice; attackers […]
Struts S2-059, S2-060 Vulnerabilities (CVE-2019-0230, CVE-2019-0233) Threat Alert
September 11, 2020
Overview
On August 13, 2020, Beijing time, Struts issued a new security bulletin announcing fixes for two vulnerabilities. S2-059 (CVE-2019-0230) is a possible remote code execution vulnerability, and S2-060 (CVE-2019-0233) is a denial-of-service vulnerability.
The two vulnerabilities were fixed in Struts 2.5.22 released in November 2019. Users are advised to upgrade as soon as possible.
Bulletin link: https://struts.apache.org/announce.html#a20200813