from the protect-ya-neck dept.
Trailrunner7 (1100399) writes "The Apache Software Foundation released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts did not fully patch the bug in question. Officials said a new patch is in development and will be released likely within the next 72 hours, said Rene Gielen of the Apache Struts team. On March 2, a patch was made available for a ClassLoader vulnerability in Struts up to version 188.8.131.52. An attacker would be able to manipulate the ClassLoader via request parameters. Apache said the fix was insufficient to repair the vulnerability."
"There are some good people in it, but the orchestra as a whole is equivalent
to a gang bent on destruction."
-- John Cage, composer