Apache issued an emergency security alert as, Apache Struts was exposed to a high-risk remote command execution vulnerability, tracked as CVE-2017-5638. Public exploits are readily available. Struts is an open source project of the Apache Foundation Jakarta project team, which uses MVC mode to help Java developers use J2EE to develop Web applications. At present, Struts is widely used in large-scale Internet companies, government, financial institutions and other sites, and as the development of the underlying template to use.
- Apache Struts 2.3.5 – 2.3.31
- Apache Struts 2.5 – 2.5.10
Recommended Course of Action
Upgrade to Struts 2.3.32 or Struts 220.127.116.11