In association with heise online

04 January 2012, 16:05

Apache Struts update closes critical holes

The Apache Struts developers have released version 2.3.1.1 of their open source framework for Java-based web applications. The update closes critical holes in Struts 2, fixing four old and well-known security vulnerabilities that an attacker could exploit to circumvent restrictions by using dynamic method invocation (DMI) to inject and execute malicious Java code.

Versions 2.1.0 to 2.3.1 of Struts are affected; upgrading to 2.3.1.1 corrects the issues. Alternatively, the security advisory provides instructions for changing a configuration file which mitigates the problem. Further information about the update can be found in the version notes and the project's security advisory. Struts 2.3.1.1 is available to download from the project's site.

(crve)

Permalink: http://h-online.com/-1403697