Security Alert (A22-04-14): Vulnerability in Apache Struts


 

Published on: 13 April 2022

  
  

Description:

Apache has released a security update to address a vulnerability in Apache Struts. A remote attacker could exploit the vulnerability by sending a specially crafted request to the affected systems.

 

Affected Systems:

  • Apache Struts 2.0.0 to version 2.5.29

 

Impact:

A successful exploitation could lead to remote code execution on an affected system.

 

Recommendation:

Administrators of the affected systems should upgrade the Apache Struts to current version 2.5.30 to address the issues. The update is available at:

https://struts.apache.org/download.cgi

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risks.

 

More Information:

  • https://struts.apache.org/announce-2022#a20220404
  • https://www.cisa.gov/uscert/ncas/current-activity/2022/04/12/apache-releases-security-advisory-struts-2
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31805


Tag: Apache , Struts
Tags