Bleeping Computer

Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now

Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, Cybersecurity ...
Threat Post

PoC Exploit Targeting Apache Struts Surfaces on GitHub

Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2. Proof-of-concept exploit code surfaced on GitHub on Friday, ...
Dark Reading

Cryptominers Rush to Exploit Apache Struts 2 Vulnerability

Well, that didn't take long. About two weeks after the Apache Struts 2 vulnerability was revealed, F5 Labs has found evidenceof its use in a Monero (XMR) cryptomining exploit. Another such exploit was ...
Computerworld

Apache Struts security update fixes critical vulnerabilities

The Apache Software Foundation has released Struts 2.3.15.1, a security update for its popular Java Web application development framework that addresses two vulnerabilities, including a critical one ...
Infosecurity-magazine.com

Apache Warns of Critical Vulnerability in Struts 2

Apache has warned customers of a critical remote code execution (RCE) vulnerability in its popular Struts 2 framework. Apache Struts 2 is an open-source web application framework for developing Java ...
Dark Reading

Apache Struts Critical Weakness Found, Patched

A critical-level remote code execution vulnerability (CVE-2018-11776) has been identified in Apache Struts. Struts is an open source framework used in the development of Java-based web apps. The ...