Apache Struts vulnerabilityArticle Number: 000055510 | Last Modified: 2018/11/21
Apache has released details of a new vulnerability related to web applications that are coded with the STRUTS framework, which if exploited could allow a malicious party to remotely execute code. The vulnerability, identified by CVE-2018-11776 impacts systems running Apache Struts v2.3 to 2.3.34 and v2.5 to 2.5.16 and any currently unsupported Struts versions. The vulnerability relies on an error in how Apache validates the namespace parameter in several underlying XML configurations.
Details of which are provided here:
If you like to find which of other programs installed on your machine is using Apache Struts refering to https://stackoverflow.com/questions/4021995/how-to-find-the-struts-version-being-used-in-a-project
On a Windows system:
- Open file explorer, search for struts*.jar
Have a Question?
Search Qlik's Support Knowledge database or request assisted support for highly complex issues.Submit a case
Experiencing a serious issue, please contact us by phone. View phone numbers and hours by region.