Apache has announced a new vulnerability in Apache Struts, an open-source framework used for building Java web applications. An attacker who successfully exploits the vulnerability could potentially install programs; view, change, or delete data; or create new accounts with full user rights.

If your department uses Apache Struts, Pitt IT recommends you take the following actions:

• Upgrade to the most recent version of Apache Struts after appropriate testing.
• Verify no unauthorized system modifications have occurred on the system before applying the patch.
• Frequently validate type and content of uploaded data.
• Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

Additional information and a link to the latest version of Apache Struts are available on Apache’s website.

Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement