Apache Struts 2 vulnerability discovered, as proof of concept circulates


A new vulnerability found in the Apache Struts 2 framework has received a critical severity rating from NIST’s national database.

A new vulnerability in the Struts 2 web application framework could allow a remote attacker to execute code on systems running apps based on earlier versions of the software.

The vulnerability, announced this week by Apache, involves an attacker manipulating file upload parameters in what is known as a path traversal attack. Path traversal is a broad term, according to Akamai senior security researcher Sam Tinklenberg.