Apache Struts security update

Number: AV18-141
Date: 22 August 2018

Purpose

The purpose of this advisory is to bring attention to the recently released critical security updates for Apache Struts.

Assessment

The Apache Foundation has released Struts 2.3.35 and 2.5.17 which contains security fixes to address critical vulnerabilities.

Versions affected: Struts 2.3 - Struts 2.3.34, Struts 2.5 - Struts 2.5.16

CVE Reference: CVE-2018-11776

Suggested Action

CCIRC recommends that system administrators refer to the linked security bulletin where Apache outlines the updates that remediate these vulnerabilities.

References:

https://cwiki.apache.org/confluence/display/WW/S2-057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776
https://semmle.com/news/apache-struts-CVE-2018-11776
https://lgtm.com/blog/apache_struts_CVE-2018-11776

Date modified:: 2018-09-26

Language selection

Search

Apache Struts security update

Purpose

Assessment

Suggested Action

Note to readers

Apache Struts security update

Purpose

Assessment

Suggested Action