28 Mar 2017

An Analysis of CVE-2017-5638

I just published some research I did with Gotham Digital Science on the recent Struts vulnerability, CVE-2017-5638. You can find that (rather long) post here, full of in-depth code review and an additional, lesser known attack vector:

An Analysis of CVE-2017-5638