As a vulnerability hype train sense check:
There's a new Apache Struts vuln doing the rounds which is very very similar to one in this thread.
People lost their minds about it at the time.
They might want to read the thread.
=> More informations about this toot | More toots from GossiTheDog@cyberplace.social
On CVE-2024-53677 (Struts vuln), it's following a very similar path to the Struts 2 vuln this time last year:
Not to downplay it, just keep calm and patch. You may have noticed the internet didn't melt last time.
=> More informations about this toot | More toots from GossiTheDog@cyberplace.social
Greynoise on Struts vuln https://infosec.exchange/@ntkramer/113675937782214019
=> More informations about this toot | More toots from GossiTheDog@cyberplace.social
Rapid7 on Struts vuln: https://infosec.exchange/@catc0n/113675772827431567
=> More informations about this toot | More toots from GossiTheDog@cyberplace.social
yip. similar to the CVE this time last year, I've not seen or heard of an actual incident resulting from the vuln.
https://infosec.exchange/@todb/113702464854067173
=> More informations about this toot | More toots from GossiTheDog@cyberplace.social
@GossiTheDog thanks, that’s a good collection of handy info. Didn’t stop someone calling me outside hours about it last weekend, but luckily I was jaded enough to ask the right questions before triggering battle stations. People still remember the Equifax thing so you say Struts and eyes start twitching.
=> More informations about this toot | More toots from DougMNZ@infosec.exchange
@GossiTheDog ahhhh not struts again. I’m still reeling from CVE-2017-5638
=> More informations about this toot | More toots from nobletrout@infosec.exchange