Full Disclosure mailing list archives
[ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical)
From: Rene Gielen <rgielen () apache org>
Date: Thu, 24 Apr 2014 17:37:13 +0200
In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved. Unfortunately, the correction wasn't sufficient. A security fix release fully addressing this issue is in preparation and will be released as soon as possible. Once the release is available, all Struts 2 users are strongly recommended to update their installations. * Until the release is available, all Struts 2 users are strongly recommended to apply the mitigation described in [1] * Please follow the Apache Struts announcement channels [2][3][4][5] to stay updated regarding the upcoming security release. Most likely the release will be available within the next 72 hours. Please prepare for upgrading all Struts 2 based production systems to the new release version once available. - The Apache Struts Team. [1] http://struts.apache.org/announce.html#a20140424 [2] http://struts.apache.org/mail.html [3] http://struts.apache.org/announce.html [4] https://plus.google.com/+ApacheStruts/posts [5] https://twitter.com/TheApacheStruts -- René Gielen http://twitter.com/rgielen _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen (Apr 24)
- Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Tim (Apr 25)
- Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen (Apr 25)
- Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Tim (Apr 25)
- Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen (Apr 26)
- Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen (Apr 28)
- Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Alexander Georgiev (Apr 26)
- Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen (Apr 27)
- Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen (Apr 25)
- Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Tim (Apr 25)
- Re: [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical) Rene Gielen (Apr 25)