The Struts (feat. Brian May) – Could Have Been Me
https://www.metgitarenenzo.nl/2025/09/the-struts-feat-brian-may-could-have-been-me/
[Understanding through a Java comparison] I tried to systematically organize the differences between Struts and Spring Boot
https://qiita.com/rmasano/items/e35e4eef11ac5a83eef0?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
Java News Roundup: TomEE 10, Struts 7, Payara Platform, GlassFish, Commonhaus Foundation, Gradle
This week's Java roundup for December 16th, 2024 features news highlighting: GA releases of Apache TomEE 10.0.0 and Apache Struts 7.0.0; the December 2024 release of the Payara Platform, GlassFish 8.0
Apache Struts 7.0.0 GA has been released
https://struts.apache.org/announce-2024?utm_medium=erik.in&utm_source=mastodon#a20241219
Almost exactly a year ago, Rapid7 put out a technical analysis of Apache #Struts 2 CVE-2023-50164 that said:
* Exploit payloads were going to need to be customized to the target
* It wasn't clear that there was any critical mass of remotely exploitable applications out of the box
* The reports of exploitation in the wild all appeared to be unsuccessful attempts rather than IRL compromises of production systems.
https://attackerkb.com/topics/pe3CCtOE81/cve-2023-50164/rapid7-analysis
Fast-forward to CVE-2024-53677 and we can repeat the above verbatim, with one pretty notable exception — the "fixed" version that ostensibly remediates the vulnerability actually doesn't, and code-level changes are required (to migrate away from the vulnerable file upload interceptor) to actually remediate it. Also the "fixed" release (6.4.0) appears to have gone out a year ago? No idea. Big ups to @fuzz for the analysis!
https://attackerkb.com/assessments/28f08c0a-702c-4ab0-99cb-eea00202fa2c
Here's the Struts PoC if anyone wanted to play with it.
A critical vulnerability, CVE-2024-53677, has been identified in the popular Apache Struts framework, potentially allowing attackers to execute arbitrary code remotely. This vulnerability arises fr...