Go to computer terminal for registration
Hi, JD Cloud security team recently monitored the Apache Struts2 remote command execution vulnerability, official number: S2-057. In order to prevent your business from being affected, it is recommended that you conduct a security self-examination in a timely manner. If your business is in the affecting scope, please update and fix the problem in time to avoid attacks from an external attacker.
XML configuration namespace value defined as a wildcard ("/*”); or when the namespace value in the upper layer action is not set, it may cause a web application remote code execution vulnerability.
Struts 2.3 - Struts 2.3.34
Struts 2.5 - Struts 2.5.16
Upgrade to the safe revision
Struts 2.3.35 revision: https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.35
Struts 2.5.17 revision: https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.17
Reference Link: https://cwiki.apache.org/confluence/display/WW/S2-057
JD Cloud team2018-08-24 09:47:52