Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

Apache Struts is an open-source web development framework for Java web applications. It’s widely used to build corporate websites in sectors including education, government, financial services, retail and media.

On Monday, the Apache Struts developers fixed a high-impact vulnerability in the framework’s Jakarta Multipart parser. Hours later, an exploit for the flaw appeared on Chinese-language websites and this was almost immediately followed by real-world attacks, according to researchers from Cisco Systems.

To read this article in full or to leave a comment, please click here