Just now, while going through my email, I saw a security notice pushed by our hosting company. It mentions the Apache Struts disclosure S2-059, a Struts remote code execution vulnerability (CVE-2019-0230). An attacker can construct a malicious OGNL expression: when the attribute value of a Struts2 tag can be modified by external input, the OGNL expression in that attribute value is evaluated, which triggers OGNL expression parsing and ultimately leads to remote code execution. The risk is high.
However, at present our servers basically do not use Apache, so this is basically not a major problem for us. If we did use it, we would need to update the image and take care of the following:
1. Upgrade to Struts 2.5.22 or later.
2. Enable OGNL expression injection protection measures.
3. Use a WAF for security defense.
Of course, we need to make a proper backup before upgrading, so that we can restore the data if something goes wrong.
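
One way to check item 1 on a host, as an added example that is not part of the original post: it looks for `struts2-core-<version>.jar` files (the standard Maven artifact file name) on disk and inside `.war` archives, and flags any version below 2.5.22. The function names and the file-name-based detection are assumptions of this example; a renamed or repackaged jar would be missed.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 5, 22)  # minimum version named in the post
# Matches struts2-core-2.5.22.jar, also with a suffix such as -sources
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)[^/]*\.jar$")

def jar_version(name):
    """Return the version tuple encoded in a struts2-core jar name, or None."""
    m = JAR_RE.search(name.replace("\\", "/"))
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def needs_upgrade(version):
    """True when the version is below 2.5.22; (2, 5) is treated as 2.5.0."""
    padded = version + (0,) * (3 - len(version))
    return padded < FIXED

def scan(root):
    """Yield (location, version, needs_upgrade) for each struts2-core jar
    under root, including jars packed in .war files (nested archives
    inside a .war are not opened)."""
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        names = [(str(path), path.name)]
        if path.suffix.lower() == ".war" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                names = [(f"{path}!{n}", n) for n in zf.namelist()]
        for location, name in names:
            version = jar_version(name)
            if version:
                yield location, version, needs_upgrade(version)

if __name__ == "__main__":
    # Usage: python check_struts.py /path/to/webapps
    for loc, ver, bad in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        label = "UPGRADE" if bad else "ok"
        print(f"{label:8}{'.'.join(map(str, ver)):10}{loc}")
```

Run it against the application server's deployment directory before and after the upgrade to confirm that no old copy of the library is left behind in an unpacked or archived web application.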