Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apache Struts Zero Day and Mitigation

Thanks to Gebhard for letting us know about a new vulnerability in Apache Struts.

If you recall the classloader vulnerability of few months ago, the fix for that seems to be case and punctuation sensitive (using [] instead of "."  was not accounted for)

In any case, they have posted a mitigation how-to here:

This affects all versions up to

Find more information on this here:

Rob VandenBrink


Rob VandenBrink

572 Posts
ISC Handler
Apr 24th 2014

Sign Up for Free or Log In to start participating in the conversation!