Apache Struts vulnerability lets hackers execute malicious code on corporate servers

A severe security vulnerability in server software allows hackers to remotely execute malicious code in unpatched software protecting a wide swath of the richest private enterprises in the world. Apache Struts, an open-source framework for developing Java web applications, was discovered to have a remote code execution vulnerability. The vulnerability was discovered using lgtm, a free software engineering analytics tool launched last year. All web apps using Struts’ REST plugin are vulnerable. The 2.5.13 patch for Struts, which addresses the issue, was released on Tuesday, just under two months after first disclosure. Experts recommend patching immediately, but the challenges and typical speed of that process, especially in large enterprises, suggest it could be some time before all the firms involved have secured their systems. “The Struts framework is used by an incredibly large number and variety of organizations,” Man Yue Mo, an lgtm security researcher who discovered the vulnerability, said. “This vulnerability poses a huge risk, because […]

The post Apache Struts vulnerability lets hackers execute malicious code on corporate servers appeared first on Cyberscoop.
