Apache Struts
CVE-2023-50164: A Critical Vulnerability in Apache Struts
On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with a CVSS score of 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. ...
The Hacker vs. Struts 2 Game – It Appears it has No Ending
If you’re active in the cybersecurity industry, you have likely heard the buzz about the Struts 2 Java framework in 2017. In short, hackers were able to exploit a vulnerable application based on ...
Zero-Day Exploit Published for VM Escape Flaw in VirtualBox
A security researcher disclosed an as-yet-unpatched zero-day vulnerability in the popular VirtualBox virtualization software that can be exploited from a guest operating system to break out of the virtual machine and ...
Equifax nemesis Apache Struts found vulnerable to 2-year old unpatched flaw; workaround available
Remember how an unpatched flaw in Apache Struts caused one of the biggest data breaches in history? It could happen again, if those using Apache Struts versions 2.3.x or lower fail to ...
Apache Struts, RCEs, and the Equifax Breach Anniversary
We just passed the one-year anniversary of Equifax’s announcement of their massive data breach due to an exploit of an Apache Struts vulnerability (CVE-2017-5638) – and incidentally, at nearly the same time ...
Cisco Products Receive Patches for Critical Struts Vulnerability
Cisco Systems has released patches for some of its products that use the Apache Struts web development framework and are affected by a recently announced critical vulnerability. The flaw, tracked as CVE-2018-11776, ...
Someone Dropped a Windows Zero-Day Exploit on GitHub
A previously unknown vulnerability that allows attackers to obtain SYSTEM privileges on Windows computers has been publicly disclosed. Someone with the username SandboxEscaper posted a link to a proof-of-concept exploit on Twitter ...
Critical Apache Struts flaw just waiting to be exploited; PoC reported in the wild
Organizations relying on the Apache Struts framework should patch their servers ASAP, or at the very least ensure the namespace is always set within their infrastructure, as cybercrooks already have a proof-of-concept ...
Critical Vulnerability Patched in Apache Struts
The Apache Struts web development framework has received new security updates to address a critical vulnerability that could allow attackers to compromise web applications and servers. Apache Struts is widely used for ...
Black Duck Releases Free Tool to Help You Avoid Becoming the Next Equifax
Equifax recently became headline news for all the wrong reasons when it revealed it had been the victim of a data breach that exposed the sensitive financial history and personal data of ...