Apache Struts

Apache Software released a security update to address a criticalvulnerability in Struts versions 2.5 to 2.5.12. Successful exploitation of this vulnerability, CVE-2017-9805, could allow a remote threat actor to execute arbitrary code on any server running an application built using the Struts framework and the popular REST communication plugin. The NJCCIC recommends all users and administrators review the Apache Security Bulletin and the NJCCIC Cyber Alert and upgrade to Struts 2.5.13.