[High Risk Vulnerability Warning] CVE-2017-9805: Struts2 REST Plugin Remote Code Execution Vulnerability (S2-052)

Struts officially reported a critical security vulnerability, numbered S2-052, on September 5, 2017. Under certain conditions, an attacker can exploit this vulnerability by remotely sending carefully constructed malicious data packets to gain access to business data or obtain server permissions, which creates a serious security risk.

Affected Services:
Struts 2.5 - Struts 2.5.12

Fixing the vulnerability:
In order to ensure your business is secure and reliable on Alibaba Cloud, the Alibaba Cloud security team would like to remind you to proactively check for security risks and take steps to strengthen your security:
1. The official Struts website has published a patch. We recommend you upgrade to Apache Struts version 2.5.13 or 2.3.34.
2. Alibaba Cloud Web Application Firewall (WAF) has published a rule for this vulnerability. You can also use WAF to detect and defend against attacks that exploit this vulnerability.
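
One way to carry out the proactive check is to inventory the Struts jars actually deployed, including those packaged inside .war files, and compare them with the versions above. The script below is an added example, not part of the original notice or of Struts. It assumes the standard Maven jar names struts2-core and struts2-rest-plugin, and it flags 2.3.x releases below 2.3.34 only because 2.3.34 is the recommended upgrade target; the notice itself lists only 2.5 - 2.5.12 as affected.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

# Artifacts of interest (assumed Maven jar names): Struts core and the REST plugin.
JAR_RE = re.compile(r"(struts2-(?:core|rest-plugin))-(\d+(?:\.\d+)*)\.jar$")

def classify(version):
    """Place a Struts version in the ranges given in the notice."""
    v = (tuple(int(p) for p in version.split(".")) + (0, 0))[:3]
    if (2, 5, 0) <= v <= (2, 5, 12):
        return "AFFECTED: upgrade to 2.5.13"
    if v[:2] == (2, 3) and v < (2, 3, 34):
        return "BELOW FIXED 2.3.x RELEASE: upgrade to 2.3.34"
    if v >= (2, 5, 13) or v[:2] == (2, 3):
        return "fixed release or later"
    return "not covered by this notice's version list"

def scan(root):
    """Return (location, artifact, version, status) for every Struts jar under
    root, including jars packaged inside .war archives."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        names = [path.name]
        if path.suffix.lower() == ".war" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as war:
                names = war.namelist()
        for name in names:
            m = JAR_RE.search(name)
            if m:
                where = str(path) if name == path.name else f"{path}!{name}"
                hits.append((where, m.group(1), m.group(2), classify(m.group(2))))
    return hits

if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]
    else:
        # Constructed sample tree, used when no directory is given.
        root = tempfile.mkdtemp()
        Path(root, "struts2-core-2.5.12.jar").touch()
        with zipfile.ZipFile(Path(root, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/struts2-rest-plugin-2.3.33.jar", b"")
            war.writestr("WEB-INF/lib/struts2-core-2.5.13.jar", b"")
    for where, artifact, version, status in scan(root):
        print(f"{where}: {artifact} {version} -> {status}")
```

Run it with the application server's deployment directory as the only argument; with no argument it scans the constructed sample tree.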

If you have any questions, please feel free to contact us by submitting a ticket.

Alibaba Cloud Security Team