Apache Struts2 RCE: Used in the 2017 Equifax breach exposing 147M people. Unauthenticated RCE via Content-Type header. Update Struts2 immediately and add WAF rules blocking the attack pattern. Review your Struts-based apps immediately.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →