#struts — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #struts, aggregated by home.social.
-
It's been a #struts and #lemontwigs day at work, getting things accomplished.
Then I checked the news, I think #seanrowe is next 😟
#music #nowlistening
-
Java News Roundup: TomEE 10, Struts 7, Payara Platform, GlassFish, Commonhaus Foundation, Gradle
-
Apache Struts 7.0.0 GA has been released
https://struts.apache.org/announce-2024?utm_medium=erik.in&utm_source=mastodon#a20241219
-
#Struts: A recently patched Critical Apache Struts 2 #vulnerability tracked as CVE-2024-53677 (CVSS: 9.5) is actively exploited by attackers allowing uploading malicious files like web shells:
👇
https://www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/
-
Almost exactly a year ago, Rapid7 put out a technical analysis of Apache #Struts 2 CVE-2023-50164 that said:
* Exploit payloads were going to need to be customized to the target
* It wasn't clear that there was any critical mass of remotely exploitable applications out of the box
* The reports of exploitation in the wild all appeared to be unsuccessful attempts rather than IRL compromises of production systems.
https://attackerkb.com/topics/pe3CCtOE81/cve-2023-50164/rapid7-analysis
Fast-forward to CVE-2024-53677 and we can repeat the above verbatim, with one pretty notable exception — the "fixed" version that ostensibly remediates the vulnerability actually doesn't, and code-level changes are required (to migrate away from the vulnerable file upload interceptor) to actually remediate it. Also the "fixed" release (6.4.0) appears to have gone out a year ago? No idea. Big ups to @fuzz for the analysis!
https://attackerkb.com/assessments/28f08c0a-702c-4ab0-99cb-eea00202fa2c
-
Exploitation of Recent Critical Apache Struts 2 Flaw Begins https://www.securityweek.com/exploitation-of-recent-critical-apache-struts-2-flaw-begins/ #Vulnerabilities #vulnerability #exploited #Apache #Struts
-
Here's the Struts PoC if anyone wanted to play with it.
-
#Struts: New Critical #RCE #Vulnerability CVE-2023-50164 Discovered in Apache #Struts 2 - Patch Now!
The vulnerability affects Apache Struts versions 2.0.0 - 2.5.32 and 6.0.0 - 6.3.0.1
https://thehackernews.com/2023/12/new-critical-rce-vulnerability.html
-
Bypassing OGNL sandboxes for fun and charities
// by @pwntester @githubsecurity
“Object Graph Notation Language ( #OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache #Struts and Atlassian #Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.”
https://github.blog/2023-01-27-bypassing-ognl-sandboxes-for-fun-and-charities/
-
New #Struts2 #jQuery plugin version 5.0.2 released. This version is based on the latest Apache Struts version 6.1.1 and it includes some improvements and bug fixes.
#java #javascript #webdevelopment #webdev #RELEASE #struts #jqueryui #webdev
-
#Struts 1.x was the very first web framework I learned in my career ~2008. Glad to hear it's still progressing!
Version 6 was just released: "Until version 6.0.0, each application using Struts had to use #Java #Servlet API 2.5 at least. This version of Servlet API is over 17 years old now, while Struts is 20 years old". https://softwaremill.com/whats-new-in-the-apache-struts-6-0-0/ by @softwaremill
-
The Apache Struts 6.1.1 is out, have fun!
-
Are there any The #struts #fans on here? They are such a #fun live show band! If you get a chance to see them #livemusic grab it!
-
Right now I'm reading a #Struts book, which was the way to create web sites with Java in the early years of the Third Age.
I hated it back then, so it would be interesting how it compares to the current horrorfest that is completion-driven webdev.
-
Apache issues advisory warning of serious vulnerability in Struts framework https://buff.ly/3leaFpO #security #Apache #Struts