Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Submission + - Apache Struts Zero Day Not Fixed by Patch

Trailrunner7 writes: The Apache Software Foundation today released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts did not fully patch the bug in question.

Officials said a new patch is in development and will be released likely within the next 72 hours, said Rene Gielen of the Apache Struts team.

On March 2, a patch was made available for a ClassLoader vulnerability in Struts up to version 2.3.16.1. An attacker would be able to manipulate the ClassLoader via request parameters. Apache said the fix was insufficient to repair the vulnerability.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Apache Struts Zero Day Not Fixed by Patch

Comments Filter:

"Well I don't see why I have to make one man miserable when I can make so many men happy." -- Ellyn Mustard, about marriage

Working...