Yet again: All Struts versions highly vulnerable - upgrade now

 
Saloon Keeper
Posts: 5049
135
The Register has the story, and Apache has also weighed in. This affects all versions prior to 2.3.35 and 2.5.17. Given what happened to Equifax last year, all should upgrade ASAP. Choice quote from The Reg article: "My one takeaway, not a joke - stop using Apache Struts."
 
Bartender
Posts: 9550
12
I seem to recall that the Equifax breach wasn't a problem with Struts per se, but one of the Apache libraries it depends on (S2-045 or S2-046 perhaps?). But yeah, Apache seems to have some quality/security problems.
Seeing as how people are still posting on this forum for Struts 1.x support, it really concerns me that there are some applications out there that aren't being kept up to date. I'm sure we'll see some more exploits like Equifax in the future.
 
Tim Moores
Saloon Keeper
Posts: 5049
135
True. I wonder if using Struts 1.x (or similar unpatched and obsolete tools) at this point in a publicly accessible web app would count as "criminal negligence" in a court of law.
 