Reference: Advisory #2023-148
Version: 1.1
Affected software:
Struts 2.3.37 (end of life)
Struts 2.0.0
Struts 2.5.0
Struts 2.5.32
Struts 6.0.0
Struts 6.3.0
Type: Remote Code Execution (RCE)
CVE/CVSS:
https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
To address this vulnerability, Apache recommends that users urgently upgrade to Struts 2.5.33, Struts 6.3.0.2, or greater.
Version notes with more details on the bug fixes and improvements are available at:
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.33
https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.3.0.2
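One way to inventory deployments against the fixed releases named above (an added example, not part of the advisory or of Apache's tooling). It assumes the library is deployed under its Maven artifact file name struts2-core-<version>.jar; the function names and sample paths are constructed for illustration.

```python
import re
from pathlib import Path

# Fixed releases named in the advisory, keyed by major release line.
FIXED = {2: (2, 5, 33), 6: (6, 3, 0, 2)}

# Assumption: jars keep the Maven artifact name struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '6.3.0.2' into (6, 3, 0, 2) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def needs_upgrade(version):
    """True if the version is below the fixed release of its major line."""
    fixed = FIXED.get(version[0])
    if fixed is None:
        return False  # major line not covered by the advisory's fix versions
    # Pad with zeros so 6.3.0 is compared as 6.3.0.0 against 6.3.0.2.
    width = max(len(version), len(fixed))
    padded = version + (0,) * (width - len(version))
    return padded < fixed + (0,) * (width - len(fixed))


def scan(names):
    """Return (path, version, needs_upgrade) for every Struts core jar name."""
    findings = []
    for name in names:
        match = JAR_RE.search(name)
        if match:
            version = match.group(1)
            findings.append((name, version, needs_upgrade(parse_version(version))))
    return findings


def scan_tree(root):
    """Walk a directory (e.g. an application server's webapps folder)."""
    return scan(str(p) for p in Path(root).rglob("struts2-core-*.jar"))


# Constructed sample paths, not taken from any real system.
SAMPLE = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.5.32.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-6.3.0.2.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-2.3.37.jar",
    "/opt/app3/WEB-INF/lib/commons-io-2.11.0.jar",
]

if __name__ == "__main__":
    for path, version, flagged in scan(SAMPLE):
        print(f"{'UPGRADE' if flagged else 'ok':8} {version:10} {path}")
```

Jars repackaged or renamed inside fat archives are not found by file name alone, so a dependency report from the build tool remains the authoritative source.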
https://nvd.nist.gov/vuln/detail/CVE-2023-50164
https://cwiki.apache.org/confluence/display/WW/S2-066
https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.3.0.
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.33
https://www.tenable.com/cve/CVE-2023-50164
https://www.securityweek.com/apache-patches-critical-rce-vulnerability-in-struts-2/