Apache Struts is a free, open-source, MVC framework to create elegant modern Java web applications.
When the dynamic method invocation (Dynamic Method Invocation) is enabled for Struts, attackers may use the REST plug-in to run remote code.
Struts 2.3.20 - 2.3.28
Use Alibaba Cloud Security Web Application Firewall to intercept the attacking code for this vulnerability.
struts.xml file, set
Upgrade Struts to version 2.5 or later versions from the official website.
Thank you! We've received your feedback.