Security Alert (A23-06-12): Multiple Vulnerabilities in Apache Struts


 

Published on: 15 June 2023

  
  

Description:

The Apache Software Foundation has released the security bulletins to address the vulnerabilities in Apache Struts. A remote attacker could exploit the vulnerabilities by sending a specially crafted request to the affected systems.

 

Affected Systems:

  • Apache Struts 2.x prior to version 2.5.31
  • Apache Struts 6.x prior to version 6.1.2.1

 

Impact:

Successful exploitation of the vulnerabilities could lead to denial of service on an affected system.

 

Recommendation:

Administrators of the affected systems should upgrade the Apache Struts to current versions 2.5.31 or 6.1.2.1 to address the issues. The updates are available at:
https://struts.apache.org/download.cgi

 

More Information:

  • https://struts.apache.org/announce-2023#a20230613-1
  • https://cwiki.apache.org/confluence/display/WW/S2-063
  • https://cwiki.apache.org/confluence/display/WW/S2-064
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34149
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34396


Tag: Apache , Struts
Tags