Unraveling the Struts2 security vulnerability: A deep dive

By Aaron Linskens on December 21, 2023 security vulnerabilities

6 minute read time

Learn about the critical security vulnerability in Apache Struts2 from a Sonatype webinar covering CVE-2023-50164 with a risk of remote code execution
Read More...

Struts2 CVE-2023-50164 by the numbers

By Ilkka Turunen on December 19, 2023 vulnerability disclosure

5 minute read time

Struts2 security vulnerability is not like Log4j, but it is similar to historic breaches and has the potential for disaster if not addressed properly.
Read More...

CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

By Jeff Wayman on December 14, 2023 vulnerabilities

6 minute read time

The recent identification of CVE-2023-50164 in Apache Struts is quite similar to other vulnerabilities Sonatype has seen and covered in the past.
Read More...

Department of Homeland Security Cybersecurity: Top 10 vulnerabilities still being exploited

By April Downey on May 28, 2020 vulnerabilities

3 minute read time

DHS CISA lists Apache Struts as a top vulnerability. Yet, evidence shows it is still being downloaded - on average, by 10,000 organizations a month.
Read More...

Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 Nexus Lifecycle

2 minute read time

Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed on August 22, 2018.
Read More...

Remote code execution vulnerability (CVE-2017-8046) in Pivotal's Spring Framework

By Derek Weeks on March 05, 2018 Apache Struts2

2 minute read time

A remote code execution vulnerability (CVE-2017-8046) in Pivotal's very popular Spring Framework was disclosed last week, although the original vulnerability.
Read More...

Struts2 Breach at Equifax was 100% Preventable. Here's how.

By Ilkka Turunen on September 20, 2017 Nexus Lifecycle

25 second read time

The breach at Equifax is a siren call for organizations to approach the problem of managing open source software by using automated technology.
Read More...

Security Processes at the Apache Software Foundation (video and podcast)

By Mark Miller on September 15, 2017 Struts

1 minute read time

In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation
Read More...

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

By Mark Miller on September 14, 2017 Known Vulnerabilities

1 minute read time

With the acknowledgement by Equifax this morning, we talk about who is responsible for this, the creators of the open source solutions or people who use them.
Read More...