The Apache Software Foundation addressed a possible remote code execution vulnerability in Struts 2 related to the OGNL technology. The Apache Software Foundation has released a security update to address a âpossible remote code executionâ flaw in Struts 2 that is related to the OGNL technology. The remote code execution flaw, tracked as CVE-2020-17530, resides in […]
Security researchers have discovered a PoC exploit code available online that can be used to trigger unpatched security flaws in Apache Struts 2. Security researchers have discovered a PoC code and exploit available on GitHub that that can be used to trigger the security vulnerabilities in Apache Struts 2. The Proof-of-concept exploit code was released […]
According to the threat intelligence firm Volexity, the CVE-2018-11776 vulnerability is already being abused in malicious attacks in the wild. Just yesterday I wrote about the availability online of the exploit code for the recently discovered Critical remote code execution vulnerability CVE-2018-11776 in Apache Struts 2. The PoC code was published on GitHub and experts were warning of […]
Canada Revenue Agency confirmed it shut down its website for filing federal taxes due to a cyber attack leveraging the CVE-2017-5638 flaw in Apache Struts 2 The Canada Revenue Agency (CRA) confirmed it shut down its website for filing federal taxes after hackers broke into the server at the nation’s statistics bureau. The security breach occurred […]