Read Time:42 Second

What is the Vulnerability?

A remote attacker can manipulate the file upload parameters on the Apache Struts to enable path traversal and upload a malicious file. That can lead to perform remote code execution and complete control of the system. Apache Struts is an open-source and widely adopted framework for developing Java-based web applications.

What is the Vendor Solution?

Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.5.33 or Struts 6.3.0.2 or higher. https://cwiki.apache.org/confluence/display/WW/S2-066

What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature “Apache.Struts.File.Upload.Remote.Code.Execution” to detect and block any attack attempts targeting the vulnerability.

FortiGuard Labs recommends organization to upgrade vulnerable versions as soon as possible, if not already done.

Read More