CVE-2017-5638: New Remote Code Execution (RCE) Vulnerability in Apache Struts 2 – Blog | Imperva

I found myself being attacked more and more with this type of RCE vulnerability. If you are not sure if you are safe, please read on…

On March 6th, a new remote code execution (RCE) vulnerability in Apache Struts 2 was made public. This recent vulnerability, CVE-2017-5638, allows a remote attacker to inject operating system commands into a web application through the “Content-Type” header. Written in Java, Apache Struts 2 is the popular open source web application framework that we’ve blogged about before. This is yet another incident that adds up to a long list of vulnerabilities in this framework.

Source: CVE-2017-5638: New Remote Code Execution (RCE) Vulnerability in Apache Struts 2 – Blog | Imperva
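Because the injection described above arrives in the "Content-Type" header, a proxy or log pipeline can flag any value that does not parse as an RFC 7231 media type. The following is an added example, not code from the Imperva post; the request dictionary layout, `MAX_LEN` and the sample requests are assumptions constructed for illustration.

```python
import re

# RFC 7230 token and quoted-string, as used by the RFC 7231 media-type grammar.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[\t !#-\[\]-~]|\\[\t -~])*"'
MEDIA_TYPE = re.compile(
    rf"{TOKEN}/{TOKEN}(?:[ \t]*;[ \t]*{TOKEN}=(?:{TOKEN}|{QUOTED}))*[ \t]*"
)
MAX_LEN = 256  # assumption: generous upper bound for a legitimate value


def content_type_ok(value):
    """True if the value is a well-formed, reasonably sized media type."""
    return len(value) <= MAX_LEN and MEDIA_TYPE.fullmatch(value) is not None


def flag_requests(requests):
    """Return (client, path) for each request with a malformed Content-Type."""
    flagged = []
    for req in requests:
        ctype = req["headers"].get("Content-Type")
        # Requests without the header are out of scope for this check.
        if ctype is not None and not content_type_ok(ctype):
            flagged.append((req["client"], req["path"]))
    return flagged


# Constructed sample requests (not real traffic; documentation IP ranges).
SAMPLE = [
    {"client": "198.51.100.7", "path": "/upload.action",
     "headers": {"Content-Type": "multipart/form-data; boundary=----abc123"}},
    {"client": "198.51.100.9", "path": "/login.action",
     "headers": {"Content-Type": 'text/html; charset="utf-8"'}},
    # Non-functional placeholder standing in for injected expression text.
    {"client": "203.0.113.5", "path": "/index.action",
     "headers": {"Content-Type": "%{constructed-placeholder} multipart/form-data"}},
    # Grammatically valid but far longer than any normal media type.
    {"client": "203.0.113.6", "path": "/index.action",
     "headers": {"Content-Type": "application/json" + " " * 300}},
    {"client": "198.51.100.7", "path": "/status", "headers": {}},
]

if __name__ == "__main__":
    for client, path in flag_requests(SAMPLE):
        print(f"malformed Content-Type from {client} on {path}")
```

A strict header check like this is a detection and filtering aid in front of the application; it does not replace updating the framework itself.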
