TTCSIRT-180.111318: TT-CSIRT Advisory – Apache Security Updates

TTCSIRT-180.111318: TT-CSIRT Advisory – Apache Security Updates

Apache has released a security update stating that all web applications using Apache Struts be upgraded to ver 2.3.36 as previous versions are vulnerable to Remote Code Execution attackers from attackers.

This vulnerability is due to commons-fileupload jar file having a flaw where it can be replaced with a malicious file if an attacker is able to get access to it.

Further information on this vulnerability and how it can be mitigated can be found on the Apache Website at http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/browser