Apache patches Struts 2 RCE vulnerability (CVE-2020-17530)
The Apache Software Foundation has patched a Struts 2 vulnerability CVE-2020-17530 that may lead to remote code execution.
Struts
Apache patches two Struts 2 vulnerabilities
The Apache Software Foundation has patched two vulnerabilities in Apache Struts 2 that could result in remote code execution (RCE) or Denial of Service (DoS). An attacker could exploit one of these vulnerabilities to take control of impacted systems. According to Apache, the two vulnerabilities affect Struts versions 2.0.0 – 2.5.20 and are described in …
Patch these 10 most commonly exploited vulnerabilities
U.S. government cybersecurity experts are providing guidance on the “top 10” most commonly exploited vulnerabilites. The alert helps highlight the importance of patching and prioritizing vulnerabilities with known exploits.
The top 20 vulnerabilities to patch now (that are most under attack)
Security firm Verint analyzed the top 20 vulnerabilities to patch now that are under active attack and exploited by cyber attack groups worldwide. The report is aimed at assisting security teams in prioritizing and enhancing their organization’s patch management efforts.
Cisco patches critical vulnerabilities
Cisco released four critical security advisories on Wednesday for multiple Cisco products.
Apache Struts security patch
The Apache Software Foundation has released a security advisory that fixes a vulnerability in Commons FileUpload library in Apache Struts versions 2.3.36 and prior.
New Mirai, Gafgyt IoT botnet variants target systems with Apache Struts, SonicWall vulnerability exploits
New variants of IoT botnets Mirai and Gafgyt are increasingly targeting enterprise devices with outdated versions and unpatched vulnerabilities.
Cisco issues security updates for Umbrella and Struts vulnerability
Cisco posted an updated security advisory for products impacted by Apache Struts Remote Code Execution Vulnerability (CVE-2018-11776). Cisco also released a software update that fixes a critical Cisco Umbrella API vulnerability.
Cisco security advisory on Apache Struts vulnerability
Cisco has updated the list of Cisco products under investigation, vulnerable and confirmed not vulnerable to the latest Apache Struts 2 vulnerability (CVE-2018-11776).
Apache Struts vulnerability exploit POC published
Security researchers have discovered proof-of-concept code of an Apache Struts vulnerability exploit, to include a Python script that makes it easier to exploit.