Apache Struts Denial of Service

HIGH (7.5) No Patch (12 days)

Threat Intelligence

Medium Risk - Detectable
EPSS Score: 0.12% chance of exploitation (percentile: 32%)
🔍 Detection Tools: OSV.dev
⚔️ Exploit Availability: No public exploits found


What is it?

Apache Struts is a popular Java-based web application framework used for building enterprise-level applications. This vulnerability allows attackers to cause a denial of service (DoS) by exploiting a file leak in multipart request processing: temporary files created while handling multipart requests are not cleaned up, which eventually exhausts disk space.

Am I affected?

You're affected if you use Apache Struts in one of the affected versions. Affected versions: 7.0.3, 6.7.0

Affected Packages

maven: org.apache.struts:struts-core

How to fix

Upgrade to at least version 6.8.0 or 7.1.1.
Maven: Update your dependency in pom.xml to the latest version of struts-core.
Immediate mitigations:
- Define a temporary folder for uploaded files that has a limited size or sits on a dedicated volume, so that leaked files cannot affect system files.
- Disable file upload support in the framework if it is not used.
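An added example (not part of this advisory or the Struts project's own documentation) of the first mitigation applied in struts.xml: the upload directory is moved to an assumed dedicated mount point and the multipart request size is capped; the path and the size value are assumptions to adjust for your environment.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 6.0//EN"
    "https://struts.apache.org/dtds/struts-6.0.dtd">
<struts>
    <!-- Keep multipart temp files off the system and application volumes.
         /var/struts-uploads is an assumed mount point for a dedicated,
         size-limited volume, so a file leak can only fill that volume. -->
    <constant name="struts.multipart.saveDir" value="/var/struts-uploads"/>

    <!-- Cap the total size of a multipart request, in bytes.
         10 MiB is an assumed value; set it to what the application needs. -->
    <constant name="struts.multipart.maxSize" value="10485760"/>
</struts>
```

Monitoring free space on that volume gives a cheap detection signal for the leak while the upgrade is being rolled out.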