
SANS ISC: Apache Struts Zero Day and Mitigation - SANS Internet Storm Center SANS ISC InfoSec Forums

Apache Struts Zero Day and Mitigation

Thanks to Gebhard for letting us know about a new vulnerability in Apache Struts.

If you recall the classloader vulnerability of a few months ago, the fix for that seems to be case and punctuation sensitive (using [] instead of "." was not accounted for).
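The gap described above, shown with a parameter-name filter as an added example (not code from this diary or from the Struts project). The naive pattern, the denied segment names and the sample parameter names are all constructed for illustration; the second check splits the name into path segments and compares them case-insensitively, so dot and bracket notation are treated alike.

```python
import re

# Constructed stand-in for a dot-only, case-sensitive deny rule
# (illustrative; not the pattern shipped by the Struts project).
NAIVE_DENY = re.compile(r"^class\..*")

# Segment names treated as sensitive in this example (assumption).
DENIED_SEGMENTS = {"class", "classloader"}

# One path segment: name, .name, ['name'], ["name"] or [name]
_SEGMENT = re.compile(r"""\.?([A-Za-z_$][\w$]*)|\[\s*(['"]?)(.*?)\2\s*\]""")


def split_segments(param_name):
    """Split a dotted/bracketed parameter name into its path segments."""
    segments, pos = [], 0
    while pos < len(param_name):
        m = _SEGMENT.match(param_name, pos)
        if m is None or m.end() == pos:
            return None  # unparseable name: the caller rejects it
        segments.append(m.group(1) if m.group(1) is not None else m.group(3))
        pos = m.end()
    return segments


def naive_is_blocked(param_name):
    """Dot-only, case-sensitive check: the kind of rule that gets bypassed."""
    return NAIVE_DENY.match(param_name) is not None


def normalized_is_blocked(param_name):
    """Reject if any segment, in any notation or case, is denied."""
    segments = split_segments(param_name)
    if segments is None:
        return True  # fail closed on names the splitter cannot parse
    return any(s.strip(" '\"").lower() in DENIED_SEGMENTS for s in segments)


# Constructed sample parameter names (placeholders, not captured requests).
SAMPLES = [
    "class.classLoader.placeholder",     # dot notation
    "class['classLoader'].placeholder",  # bracket notation
    "Class.classLoader.placeholder",     # different case
    "user.address.city",                 # ordinary form field
    "items[0].name",                     # ordinary indexed field
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:38} naive={naive_is_blocked(name)!s:6}"
              f"normalized={normalized_is_blocked(name)}")
```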

In any case, they have posted a mitigation how-to here:

This affects all versions up to

Find more information on this here:

Rob VandenBrink


Apr 24th 2014