Apache Announces Vulnerability in Apache Struts | Information Technology | University of Pittsburgh

Apache Announces Vulnerability in Apache Struts

Tuesday, December 8, 2020 - 16:42


Apache has announced a new vulnerability in Apache Struts, an open-source framework used for building Java web applications. An attacker who successfully exploits the vulnerability could potentially install programs; view, change, or delete data; or create new accounts with full user rights.

If your department uses Apache Struts, Pitt IT recommends you take the following actions:

  • Upgrade to the most recent version of Apache Struts after appropriate testing.
  • Verify that no unauthorized modifications have occurred on the system before applying the patch.
  • Frequently validate the type and content of uploaded data.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

Additional information and a link to the latest version of Apache Struts are available on Apache’s website.

Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.