Tag

Struts2

Browsing

Two days ago Apache has published a fix for the new Remote Code Execution vulnerability in Struts2. Struts2 RCE attacks in the wild This vulnerability allows attacker to execute arbitrary Java code on the application server. We can confirm that caught the first exploit for this vulnerability from the wild. And this is crazy. Like previous OGNL exploits this one is also based on the OGNL macroses to construct and call shell command via sequence of…