
Apache Struts - updated



#1 AplusWebMaster


Posted 02 December 2017 - 02:38 PM

FYI...

Apache Struts 2.5.14.1
- https://cwiki.apache...splay/WW/S2-054
Dec 01, 2017
> https://cwiki.apache...PageVersions=10
Recommendation: Upgrade to Struts 2.5.14.1
Affected Software: Struts 2.5 - Struts 2.5.14

- https://www.security....com/id/1039946
CVE Reference: https://nvd.nist.gov.../CVE-2017-15707
Dec 1 2017
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.5 - 2.5.14
Description: A vulnerability was reported in Apache Struts. A remote user can cause denial of service conditions on the target system.
A remote user can send specially crafted JSON data to trigger a flaw in the REST Plugin's default JSON-lib handler and cause denial of service conditions.
Impact: A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (2.5.14.1)...

>> https://cwiki.apache...pageId=74688649

Apache Struts 2 Documentation
Apache Struts Version Notes 2.5.14.1
>> https://cwiki.apache... Notes 2.5.14.1

- https://cwiki.apache...splay/WW/S2-055
Dec 01, 2017
> https://cwiki.apache...dPageVersions=4
Recommendation: Upgrade to Struts 2.5.14.1

- https://www.security....com/id/1039947
CVE Reference: CVE-2017-7525
Dec 1 2017
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.5 - 2.5.14
Description: A vulnerability was reported in Apache Struts. The impact was not specified.
A remote user can send specially crafted data to trigger a deserialization error in the jackson-databind component. The readValue() method of the ObjectMapper is affected...
[Editor's note: The vendor advisory does not specify the impact. However, because the deserialization vulnerability in the jackson-databind component can lead to code execution in other applications of the component, this Alert has been categorized as a state error with code execution impact.]
Solution: The vendor has issued a fix (2.5.14.1)...
___

> https://www.us-cert....ecurity-Updates
Dec 04, 2017 - "... upgrade to Struts 2.5.14.1."

> https://cwiki.apache...splay/WW/S2-054

> https://cwiki.apache...splay/WW/S2-055
 



Edited by AplusWebMaster, 04 December 2017 - 06:33 PM.
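
An added example, not part of the original post or the vendor advisories: an inventory check that flags Struts 2 jars inside the affected range quoted above (2.5 - 2.5.14) and treats 2.5.14.1 as fixed. The Maven-style jar naming (`struts2-<module>-<version>.jar`), the function names and the sample paths are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Range quoted in the post: Struts 2.5 - 2.5.14 affected, 2.5.14.1 fixed.
AFFECTED_MIN, AFFECTED_MAX, FIXED = "2.5", "2.5.14", "2.5.14.1"
# Assumption: jars keep Maven-style names, struts2-<module>-<version>.jar
JAR_RE = re.compile(
    r"^struts2-(?P<module>[a-z0-9-]+?)-(?P<version>\d+(?:\.\d+){1,3})\.jar$")

def version_key(text, width=4):
    """Turn '2.5.14' into (2, 5, 14, 0) so 3- and 4-part versions compare."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (width - len(parts))

def is_affected(version):
    lo, hi = version_key(AFFECTED_MIN), version_key(AFFECTED_MAX)
    return lo <= version_key(version) <= hi

def audit(paths):
    """Return one finding per recognised Struts 2 jar in `paths`."""
    findings = []
    for path in paths:
        match = JAR_RE.match(PurePosixPath(path).name)
        if not match:
            continue  # not a Struts 2 jar, or a name this pattern cannot parse
        findings.append({
            "path": path,
            "module": match["module"],
            "version": match["version"],
            "affected": is_affected(match["version"]),
            # S2-054 as quoted above names the REST Plugin specifically.
            "rest_plugin": match["module"] == "rest-plugin",
        })
    return findings

# Constructed sample inventory (e.g. the output of `find / -name 'struts2-*.jar'`).
SAMPLE = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.5.14.jar",
    "/opt/app1/WEB-INF/lib/struts2-rest-plugin-2.5.14.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-2.5.14.1.jar",
    "/opt/app3/WEB-INF/lib/commons-lang3-3.6.jar",
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        status = f"AFFECTED, upgrade to {FIXED}" if f["affected"] else "ok"
        print(f'{f["path"]}: {f["module"]} {f["version"]} -> {status}')
```

Four-part releases such as 2.5.10.1 fall inside the range, while 2.5.14.1 sorts just above the upper bound and is reported as not affected.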

