Yet again: All Struts versions highly vulnerable - upgrade now

 
Saloon Keeper
The Register has the story, and Apache has also weighed in. This affects all versions prior to 2.3.35 and 2.5.17. Given what happened to Equifax last year, all should upgrade ASAP. Choice quote from The Reg article: "My one takeaway, not a joke - stop using Apache Struts."
 
Bartender
I seem to recall that the Equifax breach wasn't a problem with Struts per se, but one of the Apache libraries it depends on (S2-045 or S2-046 perhaps?). But yeah, Apache seems to have some quality/security problems.
Seeing as how people are still posting on this forum for Struts 1.x support, it really concerns me that there are some applications out there that aren't being kept up to date. I'm sure we'll see some more exploits like Equifax in the future.
 
Tim Moores
Saloon Keeper
True. I wonder if using Struts 1.x (or similar unpatched and obsolete tools) at this point in a publicly accessible web app would count as "criminal negligence" in a court of law.
 