Security Research Institute of DBAPPSecurity found a SEVERE vulnerability in Struts 2
2017-03-08

The Security Research Institute of DBAPPSecurity found a remote command execution vulnerability in Struts2. The vulnerability has been confirmed by the official Struts website and named S2-045.

According to the Security Research Institute of DBAPPSecurity, the risk posed by S2-045 is very serious: attackers could use this vulnerability to execute any command on a remote server through a browser. Many sites are affected by this vulnerability, and the affected software versions include Struts 2.3.5 to Struts 2.3.31 and Struts 2.5 to Struts 2.5.10.

Struts2 is widely used in various industries, so the Security Research Institute of DBAPPSecurity advised updating the Struts2 version or using a third-party web firewall or Cloud Defense products to protect against this vulnerability.