Home > Article > Operation and Maintenance > CNNVD report example analysis on Apache Struts2 S2-057 security vulnerability
Currently, Apache has officially released a version update to fix this vulnerability. It is recommended that users confirm the Apache Struts product version in time, and if affected, please take timely patching measures.
Apache Struts2 is a sub-project of the Jakarta project under the American Apache Software Foundation. It is a design based on MVC Web application framework.
On August 22, 2018, Apache officially released the Apache Struts2 S2-057 security vulnerability (CNNVD-201808-740, CVE-2018-11776). When the pan-namespace function is enabled in the struts2 development framework and a specific result is used, a remote code execution vulnerability will be triggered.
An attacker who successfully exploits this vulnerability can execute malicious code in the target system. Apache Struts 2.3–Apache Struts2.3.34, Apache Struts2.5–Apache Struts 2.5.16 and other versions are all affected by this vulnerability.
Currently, Apache has officially released a version update to fix the vulnerability. It is recommended that users confirm the Apache Struts product version in time, and if affected, please take timely patching measures. The vulnerability patching measures are as follows:
Upgrade to struts2 2.3.35 or struts2 2.5.17
The above is the detailed content of CNNVD report example analysis on Apache Struts2 S2-057 security vulnerability. For more information, please follow other related articles on the PHP Chinese website!