Potential Apache Struts 2 RCE flaw fixed, PoCs released - Help Net Security

Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability (CVE-2019-0230) and PoC exploits for it have been published.



About the vulnerability (CVE-2019-0230)


“CVE-2019-0230 is a forced double Object-Graph Navigation Language (OGNL) evaluation vulnerability that occurs when Struts tries to perform an evaluation of raw user input inside of tag attributes. An attacker could exploit this vulnerability by injecting malicious OGNL expressions into an attribute used within an OGNL expression,” Tenable researchers explained.
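Because the flaw is triggered by user input that Struts later evaluates as OGNL, one defensive check is to scan web-server access logs for request parameters that carry OGNL expression delimiters (`%{` and `${`, the syntax Struts uses for expressions), including when they arrive URL-encoded. The following script is an added example for this article, not code from Tenable or the Struts project; the log lines are constructed and the `scan_log` / `suspicious_params` helpers are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed sample access-log lines (Common Log Format); not real traffic.
# Line 2 carries "id=%{1+1}" URL-encoded, line 3 carries "next=${name}".
SAMPLE_LOG = """\
10.0.0.5 - - [20/Aug/2020:10:01:02 +0000] "GET /app/index.action?id=42 HTTP/1.1" 200 512
10.0.0.7 - - [20/Aug/2020:10:01:09 +0000] "GET /app/index.action?id=%25%7B1%2B1%7D HTTP/1.1" 200 512
10.0.0.9 - - [20/Aug/2020:10:02:15 +0000] "POST /app/login.action?next=%24%7Bname%7D HTTP/1.1" 302 0
"""

# Pulls the request line out of a CLF record.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# OGNL expression delimiters as used by Struts tags.
OGNL_MARKER_RE = re.compile(r'[%$]\{')


def decode_fully(value, rounds=3):
    """Undo repeated URL-encoding (e.g. %2525%257B -> %25%7B -> %{)."""
    for _ in range(rounds):
        new = unquote(value)
        if new == value:
            break
        value = new
    return value


def suspicious_params(target):
    """Return (name, decoded_value) pairs whose value contains an OGNL marker.

    parse_qsl already performs one round of URL-decoding; decode_fully
    catches values that were encoded more than once.
    """
    query = urlsplit(target).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = decode_fully(value)
        if OGNL_MARKER_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(text):
    """Scan access-log text; return one finding per request with a flagged parameter."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append({"line": lineno, "target": m.group("target"), "params": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['target']} -> {f['params']}")
```

Only query-string parameters are inspected here; on a real deployment you would apply the same check to POST bodies and to any header the application reflects into tag attributes. A hit is a signal to triage (and to confirm the Struts version is 2.5.22 or later), not proof of compromise, since some legitimate applications pass literal braces in parameters.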


It’s rated as important (i.e., not critical) by the Apache Struts Security Team, but could allow attackers to achieve remote code execution.


“There is still not enough information about the potential impact of this vulnerability under re ..
