Modernizing Authentication — What It Takes to Transform Secure Access
Version 22.214.171.124 of the open source Apache Struts web application framework was recently released.
"The update closes critical holes in Struts 2, fixing four old and well known security vulnerabilities that could be exploited by an attacker to circumvent restrictions by using dynamic method invocation (DMI) to inject and execute malicious Java code," The H Security reports.
"Versions 2.1.0 to 2.3.1 of Struts are affected; upgrading to 126.96.36.199 corrects the issues," the article states.
Go to "Apache Struts update closes critical holes" to read the details.https://l1.cdn.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.