Apache has announced a new vulnerability in Apache Struts, an open-source framework used for building Java web applications. An attacker who successfully exploits the vulnerability could potentially install programs; view, change, or delete data; or create new accounts with full user rights.
If your department uses Apache Struts, Pitt IT recommends you take the following actions:
- Upgrade to the most recent version of Apache Struts after appropriate testing.
- Verify no unauthorized system modifications have occurred on the system before applying the patch.
- Frequently validate type and content of uploaded data.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
Additional information and a link to the latest version of Apache Struts are available on Apache’s website.
Please contact the 24/7 IT Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement