Security Alert: CRITICAL: Apache Struts Vulnerability
Date:
2017-09-06 15:18:00
Status:
Closed
Brief Description:
Apache has announced a Struts 2 vulnerability (CVE-2017-9805) that should be immediately patched. If your application relies on the Struts framework please read the informational links below and follow Apache's recommended steps.
Current Status:
N/A
Services Affected:
Not Applicable
Full Description:
Apache has announced a Struts 2 vulnerability (CVE-2017-9805) that should be immediately patched. If your application relies on the Struts framework please read the informational links below and follow Apache's recommended steps. Keep in mind that some vendor-provided applications may utilize Struts as well.
If you have questions or need support please reach out to the Cornell IT Security Office: 255-6664 or security-services@cornell.edu.
https://cwiki.apache.org/confluence/display/WW/S2-052
https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement (researcher who found it) https://lgtm.com/blog/apache_struts_CVE-2017-9805 (tech details by the researcher)
If you have questions or need support please reach out to the Cornell IT Security Office: 255-6664 or security-services@cornell.edu.
https://cwiki.apache.org/confluence/display/WW/S2-052
https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement (researcher who found it) https://lgtm.com/blog/apache_struts_CVE-2017-9805 (tech details by the researcher)