lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Apr 2014 17:37:13 +0200
From: Rene Gielen <>
Subject: [FD] [ANN] Struts 2 up to Zero-Day Exploit Mitigation
 (security | critical)

In Struts, an issue with ClassLoader manipulation via request
parameters was supposed to be resolved. Unfortunately, the correction
wasn't sufficient.

A security fix release fully addressing this issue is in preparation and
will be released as soon as possible.

Once the release is available, all Struts 2 users are strongly
recommended to update their installations.

* Until the release is available, all Struts 2 users are strongly
recommended to apply the mitigation described in [1] *

Please follow the Apache Struts announcement channels [2][3][4][5] to
stay updated regarding the upcoming security release. Most likely the
release will be available within the next 72 hours. Please prepare for
upgrading all Struts 2 based production systems to the new release
version once available.

- The Apache Struts Team.


René Gielen

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists