Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated.
On a server where Apache Struts in running, a remote attacker may steal information or execute arbitrary code.
Update the Software
On 2014 April 25, Apache Struts 18.104.22.168 which contains a fix for this vulnerability has been released.
Upgrade the software according to the information provided by the developer.
Apply a Workaround
If Apache Struts 22.214.171.124 cannot be applied immediately, apply the following workaround which enables to mitigate the affects of this vulnerability.
## Products Affected