Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×
Security Apache

Apache Struts Zero Day Not Fixed By Patch 15

Trailrunner7 (1100399) writes "The Apache Software Foundation released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts did not fully patch the bug in question. Officials said a new patch is in development and will be released likely within the next 72 hours, said Rene Gielen of the Apache Struts team. On March 2, a patch was made available for a ClassLoader vulnerability in Struts up to version 2.3.16.1. An attacker would be able to manipulate the ClassLoader via request parameters. Apache said the fix was insufficient to repair the vulnerability."
This discussion has been archived. No new comments can be posted.

Apache Struts Zero Day Not Fixed By Patch

Comments Filter:

Related Links Top of the: day, week, month.

Nothing succeeds like the appearance of success. -- Christopher Lascl

Working...