Providing Free and Editor Tested Software Downloads

MajorGeeks.com - These are not the droids you are looking for.

All In One Tweaks

Antivirus & Malware

Drives (SSD, HDD, USB)

Graphics & Photos

MajorGeeks Windows Tweaks

Office & Productivity

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews

Opera One

Everything
you need.

Already
there.

AI assistant

Aria, built right in

Free VPN

No account needed

Ad blocker

Faster, cleaner web

Tab Islands

Grouped browsing

Useful sidebars

Make it yours

No Clunky Extensions Needed.

MajorGeeks Approved.

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds

· News Blur
· Yahoo
· Symbaloo

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us

· Copyright
· Privacy
· Terms of Service
· How to Uninstall

1. GS Auto Clicker

2. Smart Defrag

3. Macrium Reflect FREE Edition

4. K-Lite Mega Codec Pack

6. Microsoft Visual C++ 2015-2022 Redistributable Package

7. Sergei Strelec's WinPE

8. K-Lite Codec Pack Full

9. Visual C++ Redistributable Runtimes AIO Repack

10. McAfee Removal Tool (MCPR)

How Much Storage Space Are Your Installed Apps Using in Windows 11?

How To Reset and Fix the Settings App in Windows 11

How To Remove the Windows 11 Updated Start Menu

How To Download a Windows 11 ISO

How To Disable Drag Tray

How To Boot Into WinRE (Windows Recovery Environment)

How To Find the Installation Date of Apps

Recently Opened Files - How To Hide or Show Them In Jump Lists, File Explorer, and Start Menu

How To Change the Name of a Local or Microsoft Account

How To Remove OneDrive From the Navigation Pane in File Explorer

Important security update for Apache Struts

Posted by: TimW on 05/31/2013 10:37 AM [ Comments ]

According to the Struts developers, the maximum threat level is "highly critical" for Apple Struts. Version 2.3.14.2 update of the Java framework fixes several high-risk vulnerabilities that allow attackers to inject code into the server, for example via specially crafted HTTP requests. The holes have been identified as CVE-2013-2115 and CVE-2013-1966.

Vulnerability details and a Proof of Concept (PoC) can be found via the advisory link above and on the Coverity blog. The previous version ( Struts 2.3.14.1 ) was supposed to close the holes, but the update failed to block all potential attacks. All versions prior to the new update are vulnerable. Anyone using it on their server should update immediately.

This is yet another OGNL-related problem for the Struts framework. Holes in the implementation of the expression language have previously been found, and closed, in January 2012, August 2010 and in November 2008.

Comments

comments powered by Disqus

© 2000-2026 MajorGeeks.com

Powered by Contentteller® Business Edition