Cisco's Talos security team announced it discovered attacks against a zero-day vulnerability in Apache Struts, which Apache patched on Monday.

Struts 2 is an open-source coding framework and library for enterprise developers popular with developers and companies when creating Java-based applications.

Struts is an open source MVC framework for creating modern Java web applications, and its widely used in enterprise environments, for both Intranets and public websites.

All versions of Struts since 2008 are affected, said the researchers. Apache Struts is used across the Fortune 100 to provide web applications in Java, and it powers front- and back-end applications.

Mo first reported the findings in April. By June, the Apache Struts team published the code which resolved the problem, leading to the release of official patches on August 22.

このシリーズのパートIでは、(Struts開発者向けに)全体のアーキテクチャ、基本的な要求の流れ、構成の意味、および新しい Struts 2(以前のWebWork)と ...