September 5, 2024 at 05:35PM Apache has addressed a critical security vulnerability in its OFBiz software, allowing attackers to execute arbitrary code on Linux and Windows servers. The flaw, tracked as CVE-2024-45195, was discovered by Rapid7. This is a remote code execution issue caused by a forced browsing weakness. Users are urged to upgrade to … Read more
December 12, 2023 at 01:00AM Apache has issued a critical security advisory for a flaw in Struts 2, a Java web application framework, potentially allowing remote code execution. Tracked as CVE-2023-50164, the flaw affects various versions, with patches available for some. No workarounds exist, and upgrades to versions 2.5.33 and 6.3.0.2 or higher are highly … Read more
December 11, 2023 at 07:48AM The Apache Software Foundation released security updates addressing a critical file upload vulnerability in Struts 2, which could be exploited to execute arbitrary code remotely. Tracked as CVE-2023-50164, the flaw impacts Struts versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.32, and 6.0.0 to 6.3.0. The vulnerability was patched in Struts versions … Read more