Apache Struts 2.3.x vulnerable to two-year-old RCE flaw

The Apache Software Foundation is urging users that run Apache Struts 2.3.x to update the Commons FileUpload library to close a serious vulnerability that could be exploited for remote code execution attacks.

Apache Struts 2 is a widely used open source web application framework for developing Java EE web applications. The Commons FileUpload library is used to add file upload capabilities to servlets and web applications. The vulnerability (CVE-2016-1000031) is present in Commons FileUpload versions before 1.3.3, and arose from the inclusion of a Java object that can be manipulated to write or copy files to disk in arbitrary locations.

Read more about the Apache Struts flaw on Help Net Security.
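To find deployments that still ship a Commons FileUpload version before 1.3.3, an inventory check along these lines can be run over an application server's deployment directory. This is an added example, not code from the Apache project or the original article; it assumes the JAR keeps its Maven-style file name (`commons-fileupload-<version>.jar`), and the function names and sample tree are constructed for illustration.

```python
import os
import re
import tempfile
import zipfile

FIXED = (1, 3, 3)  # per the article: versions before 1.3.3 are affected
# Assumption: the JAR keeps its Maven-style name, commons-fileupload-<version>.jar
JAR_RE = re.compile(r"(?:^|/)commons-fileupload-(\d+(?:\.\d+)*)[^/]*\.jar$")

def jar_version(name):
    """Return the version tuple parsed from a JAR path, or None if no match."""
    m = JAR_RE.search(name.replace(os.sep, "/"))
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def outdated(name):
    """Return the version string if name is a pre-1.3.3 FileUpload JAR."""
    ver = jar_version(name)
    return ".".join(map(str, ver)) if ver is not None and ver < FIXED else None

def find_outdated(root):
    """Report loose JARs under root and JARs bundled in WAR/EAR archives."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if outdated(fname):
                hits.append((path, outdated(fname)))
            elif fname.lower().endswith((".war", ".ear")) and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    hits += [(path + "!" + e, outdated(e))
                             for e in zf.namelist() if outdated(e)]
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample: an exploded webapp and a packaged WAR."""
    lib = os.path.join(root, "app1", "WEB-INF", "lib")
    os.makedirs(lib)
    for name in ("commons-fileupload-1.3.2.jar", "commons-fileupload-1.3.3.jar"):
        open(os.path.join(lib, name), "wb").close()
    with zipfile.ZipFile(os.path.join(root, "app2.war"), "w") as zf:
        zf.writestr("WEB-INF/lib/commons-fileupload-1.3.1.jar", b"")
        zf.writestr("WEB-INF/lib/other-library-1.0.jar", b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, ver in find_outdated(tmp):
            print(f"commons-fileupload {ver} (< 1.3.3): {path}")
```

A file-name check misses copies that were renamed or repackaged into a single application JAR, and it does not open a WAR nested inside an EAR, so treat an empty result as a first pass rather than proof of absence.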




