Skip to main content

New Apache Struts Vulnerability Leaves Major Websites Exposed

posted onAugust 23, 2018
by l33tdawg
eWeek
Credit: eWeek

Remember last year's Equifax hack? It involved an exploit of a vulnerability in Apache Struts. Yesterday, news came of a new vulnerability in the open source Web framework, one that some people are saying could be worse than the one that put everyone's credit card information into the hands of criminals.

The new vulnerability, designated CVE-2018-11776, was discovered by Man Yue Mo, a researcher on the Semmle security research team. This vulnerability is in the core functionality of Struts, allowing remote code execution (RCE) when the framework is configured in certain ways.

"The vulnerability doesn't exist because of configurations, but when the system is configured in a certain way, you can take advantage of vulnerabilities that exist in Struts," says Glen Pendley, deputy CTO at Tenable.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th