[High Risk Vulnerability Warning] CVE-2017-9805: Struts2 REST Plugin Remote Code Execution Vulnerability (S2-052)
Struts 2.5-Struts 2.5.12
Fixing the vulnerability:
In order to ensure your business is secure and reliable on Alibaba Cloud, the Alibaba Cloud security team would like to remind you to proactively check for security risks and take steps to strengthen your security:
1. Currently the official Struts website has published a patch. We recommend you upgrade to Apache Struts version 2.5.13 or 2.3.34.
2. Alibaba Cloud Web Application Firewall (WAF) has published the rule of this vulnerability. You can also use WAF to detect and defend the attack behavior of this vulnerability.
If you have any questions, please feel free to contact us by submitting a ticket.
Alibaba Cloud Security Team