Bleeping Computer

Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now

Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, Cybersecurity ...
Threat Post

PoC Exploit Targeting Apache Struts Surfaces on GitHub

Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2. Proof-of-concept exploit code surfaced on GitHub on Friday, ...
Dark Reading

Cryptominers Rush to Exploit Apache Struts 2 Vulnerability

Well, that didn't take long. About two weeks after the Apache Struts 2 vulnerability was revealed, F5 Labs has found evidenceof its use in a Monero (XMR) cryptomining exploit. Another such exploit was ...
Computerworld

Apache Struts security update fixes critical vulnerabilities

The Apache Software Foundation has released Struts 2.3.15.1, a security update for its popular Java Web application development framework that addresses two vulnerabilities, including a critical one ...
Dark Reading

Apache Struts Critical Weakness Found, Patched

A critical-level remote code execution vulnerability (CVE-2018-11776) has been identified in Apache Struts. Struts is an open source framework used in the development of Java-based web apps. The ...
CSOonline

Apache Struts 2 vulnerability discovered, as proof of concept circulates

A new vulnerability found in the Apache Struts 2 framework has received a critical severity rating from NIST’s national database. A new vulnerability in the Struts 2 web application framework can ...