Resolve Apache Struts S2-059 Struts remote code execution vulnerability

Just now, while going through my email, I saw a security notice pushed by the hosting company. It mentions that Apache Struts has disclosed S2-059, a Struts remote code execution vulnerability (CVE-2019-0230). An attacker can construct a malicious OGNL expression and place it in the attribute value of a Struts2 tag that can be modified by external input and that evaluates OGNL expressions. This triggers OGNL expression parsing and ultimately leads to remote code execution, which is a serious risk.

However, our servers basically do not use Apache at present, so this is basically not a major problem for us. If we do use it, we need to update the image and take care of the following:

1. Upgrade to Struts 2.5.22 or later.

2. Enable OGNL expression injection protection measures.

3. Use a WAF for security defense.

Of course, we need to take a proper backup before upgrading, so that we can restore the data if something goes wrong.
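For step 1, it helps to first confirm which deployments still carry a Struts core library older than 2.5.22. The following Python script is an added example, not part of the original post; it assumes the library is deployed under its Maven artifact name `struts2-core-<version>.jar`, either on disk or packed inside WAR/EAR/ZIP archives.

```python
import re
import zipfile
from pathlib import Path

FIXED = (2, 5, 22)  # minimum version named in step 1 of the list above
# Assumption: the jar keeps its Maven name; renamed or shaded copies are not detected.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)[^/]*\.jar$")

def parse_version(text):
    """Turn '2.5' or '2.3.37' into a tuple padded to at least three parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(name):
    """Return (version, needs_upgrade) for a struts2-core jar name, else None."""
    match = JAR_RE.search(name.replace("\\", "/"))
    if not match:
        return None
    version = parse_version(match.group(1))
    return version, version < FIXED

def scan(root):
    """Walk root and report struts2-core jars on disk and inside archives."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        hit = classify(path.name)
        if hit:
            findings.append((str(path), *hit))
        elif path.suffix.lower() in (".war", ".ear", ".zip"):
            try:
                with zipfile.ZipFile(path) as archive:
                    for entry in archive.namelist():
                        hit = classify(entry)
                        if hit:
                            findings.append((f"{path}!{entry}", *hit))
            except zipfile.BadZipFile:
                # Unreadable archive: flag it so it gets checked by hand.
                findings.append((str(path), None, True))
    return findings

if __name__ == "__main__":
    import sys
    for location, version, stale in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = ".".join(map(str, version)) if version else "unreadable"
        print(f"{'UPGRADE' if stale else 'ok':8} {shown:10} {location}")
```

Run it against the application server's deployment directory; every line marked `UPGRADE` is a copy that still needs the upgrade from step 1.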

Do not reprint without permission: Lao Zuo's Notes » Resolve Apache Struts S2-059 Struts remote code execution vulnerability