On December 9, 2020, a security update for Struts 2 was released by the Apache Software foundation. According to an Apache advisory, the vulnerability lies in the “forced OGNL evaluation on raw user input in tag attributes”. This flaw is classified as CVE-2020-17530. A very similar flaw related to OGNL evaluation was addressed in August … Continue reading “Apache Struts OGNL Remote Code Execution Vulnerability (CVE-2020-17530)”
Tag: Apache Struts
Identify and Remediate Most Exploited Vulnerabilities in last 5 years using VMDR
Summary: Amidst the global pandemic time period, DHS CISA and FBI share list of top 10 most exploited vulnerabilities on May 12,2020. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the Federal Bureau of Investigation (FBI), urges organizations in the public and private sector to apply necessary updates in order to … Continue reading “Identify and Remediate Most Exploited Vulnerabilities in last 5 years using VMDR”
Apache Struts Remote Code Execution : CVE-2017-9805
Apache Struts 2 is a framework for creating enterprise Java web applications. The framework is designed to reduce overhead for building, deploying and maintaining applications. A remote code execution vulnerability has been discovered by lgtm. The Apache Struts group has addressed this vulnerability in S2-052. The vulnerability has been assigned CVE-2017-9805. As per the official … Continue reading “Apache Struts Remote Code Execution : CVE-2017-9805”