Threat Post

Apache Warns of Faulty Zero Day Patch for Struts

UPDATE – The Apache Software Foundation will re-issue at patch for a ClassLoader manipulation zero-day vulnerability in Struts. The fix is expected to be ready within 72 hours; a workaround is ...
InfoWorld

Mix protocols transparently in Struts

Sponsored by the Apache Software Foundation, Struts is an open source framework developed by the Jakarta Project. As stated on its homepage, Struts encourages architectures based on the ...
Threat Post

VMware Patches Apache Struts Flaws in vCOPS

VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines. VMware has ...
Ars Technica

Serving xml files in a java/struts webapp?

I'm no Struts expert, but my guess is that Struts adds a Servlet Mapping for anything in the context that ends in .xml.
Bleeping Computer

Apache Struts Vulnerabilities May Affect Many of Cisco's Products

Cisco has initiated a mass security audit of all its products that incorporate a version of the Apache Struts framework, recently affected by a series of vulnerabilities, one of which is under active ...
ZDNet

A critical Apache Struts security flaw makes it 'easy' to hack Fortune 100 firms

A critical security vulnerability in open-source server software enables hackers to easily take control of an affected server -- putting sensitive corporate data at risk. The vulnerability allows an ...