Slashdot Mirror


Apache Struts Zero Day Not Fixed By Patch

Trailrunner7 (1100399) writes "The Apache Software Foundation released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts did not fully patch the bug in question. Officials said a new patch is in development and will be released likely within the next 72 hours, said Rene Gielen of the Apache Struts team. On March 2, a patch was made available for a ClassLoader vulnerability in Struts up to version 2.3.16.1. An attacker would be able to manipulate the ClassLoader via request parameters. Apache said the fix was insufficient to repair the vulnerability."

2 of 15 comments

  1. Good thing... by Bill_the_Engineer · · Score: 4, Insightful

    Apache Struts announced another general availability release that has the fix on April 24th.

    This is why you shouldn't read a blog post when the source material is just as easy to read.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
  2. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion