Patch Apache Struts 2 Now! Hackers are exploiting a remote code execution zero-day in the wild

Security researchers have spotted a remote code execution zero-day, tracked as CVE-2017-5638, in Apache Struts 2, and the bad news is that threat actors in the wild are already exploiting it.

According to the experts from Cisco Talos that flaws affected the Jakarta-based file upload Multipart parser under Apache Struts 2, sys admins need to urgently apply the security upgrade. The CVE-2017-5638 is documented at Rapid7’s Metasploit Framework GitHub site, attackers in the wild are exploiting a publicly available PoC code that triggers the issue. …

Source: Patch Apache Struts 2 Now! Hackers are exploiting a remote code execution zero-day in the wild

Share

Leave a Reply