Malware Devil

Monday, December 21, 2020

Security Alert: [Updated] Alert Regarding Vulnerability in Apache Struts 2 (S2-061)

JPCERT-AT-2020-0046
JPCERT/CC
2020-12-09 (Initial)
2020-12-21 (Update)

I. Overview

On December 8, 2020 (local time), the Apache Software Foundation released information (S2-061) on a vulnerability (CVE-2020-17530) in Apache Struts 2. The vulnerability is due to improper verification of input values. A remote attacker leveraging it may execute arbitrary code on the server that runs Apache Struts 2.

Apache Struts 2 Documentation
Security Bulletins S2-061
https://cwiki.apache.org/confluence/display/WW/S2-061

The Apache Software Foundation has rated this vulnerability as “Important”. If an affected version of Apache Struts 2 is in use, it is recommended to upgrade as soon as possible by referring to the information provided in “III. Solution”.

JPCERT/CC has confirmed information that attack activity exploiting this vulnerability has been observed. If an affected version of Apache Struts 2 is in use, it is recommended to upgrade as soon as possible.

II. Affected Products

The following versions of Apache Struts 2 are affected by the vulnerability:

Apache Struts 2
– Versions 2.0.0 to 2.5.25

III. Solution

The Apache Software Foundation has released a version of Apache Struts 2 that addresses this vulnerability. Please update to the following version by referring to the information provided by the Apache Software Foundation.

Apache Struts 2
– Version 2.5.26

For more information, please refer to the updated information provided by the Apache Software Foundation.

Apache Struts 2 Documentation
Version Notes 2.5.26
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.26
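
To find deployments that still need this update, the following added example (not part of the JPCERT/CC alert or of Apache Struts) scans a directory tree, including packaged WAR/EAR archives, for struts2-core jars and flags versions in the affected range. It assumes the jars keep their Maven file name, struts2-core-<version>.jar; the function names are illustrative.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Section II: 2.0.0 to 2.5.25 are affected; section III: 2.5.26 is the fix.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 5, 25)
# Assumption: jars keep the Maven file name struts2-core-<version>.jar.
JAR_RE = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+)*)[^/]*\.jar$")

def is_affected(version):
    """True if a dotted version string lies in the affected range."""
    parts = [int(p) for p in version.split(".")]
    parts += [0] * (3 - len(parts))  # "2.5" compares as 2.5.0
    return AFFECTED_MIN <= tuple(parts) <= AFFECTED_MAX

def scan_names(names, origin):
    """Return (location, version, affected) for each struts2-core jar name."""
    hits = []
    for name in names:
        m = JAR_RE.search(name)
        if m:
            hits.append((f"{origin}/{name}", m.group(1), is_affected(m.group(1))))
    return hits

def scan_archive(data, origin, depth=2):
    """Scan WAR/EAR bytes, descending into nested archives (EAR -> WAR)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            hits = scan_names(zf.namelist(), origin)
            for n in zf.namelist() if depth else []:
                if n.lower().endswith((".war", ".ear")):
                    hits += scan_archive(zf.read(n), f"{origin}/{n}", depth - 1)
            return hits
    except zipfile.BadZipFile:
        return []  # not a readable archive; nothing to report

def scan_tree(root):
    """Walk a deployment directory: exploded webapps and packaged archives."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in (".war", ".ear"):
            hits += scan_archive(p.read_bytes(), str(p))
        elif p.is_file():
            hits += scan_names([p.name], str(p.parent))
    return hits

if __name__ == "__main__":
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if bad else 'ok':8} {ver:10} {loc}")
```

A jar that has been renamed or repackaged into another artifact will not be found by file name, so an empty result is not proof that Struts 2 is absent.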

IV. References

The Apache Software Foundation
08 December 2020 – Potential RCE when using forced evaluation – CVE-2020-17530
https://struts.apache.org/announce#a20201208

If you have any information regarding this alert, please contact JPCERT/CC.

2020-12-09 First edition
2020-12-21 Updated “I. Overview”

JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
