Apache Struts2 RCE — exploited within hours of disclosure against financial, government and healthcare targets. Another critical Struts RCE after Equifax. Update all Struts2 deployments to 2.3.35 or 2.5.17 immediately.
Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true and the namespace value is not set for a result defined in XML configurations.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →