Posted to user@struts.apache.org by Lukasz Lenart <lu...@apache.org> on 2016/06/01 10:25:25 UTC

[ANN] Two security vulnerabilities reported

Two potential security vulnerabilities were reported which were
already addressed in the latest Apache Struts 2 versions. Those
reports just added other vectors of attack.
http://struts.apache.org/announce.html#a20160601

- S2-033 Remote Code Execution can be performed when using REST Plugin
with ! operator when Dynamic Method Invocation is enabled -
http://struts.apache.org/docs/s2-033.html

- S2-034 OGNL cache poisoning can lead to DoS vulnerability -
http://struts.apache.org/docs/s2-034.html

Please read the Security Bulletins carefully and take the suggested
actions. The simplest way to avoid those vulnerabilities in your
application is to upgrade Apache Struts to the latest available
version in the 2.3.x series or to Apache Struts 2.5.

You can download those versions from our download page.
http://struts.apache.org/download.html#struts-ga


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
