Vulnerability Found in Apache Struts

24 August 2018

Semmle researcher Man Yue Mo disclosed details of CVE-2018-11776, a vulnerability in the Apache Struts web application framework. The problem was discovered in April 2018. It allowed an attacker to execute malicious code remotely and take control of the web server.

The problem lay in the framework's configuration, which exposed the flaw in two cases:

  • if the alwaysSelectFullNamespace parameter was set to true;
  • if the action and url tags did not contain a namespace attribute, or if wildcard characters were used instead.

The attack began with a visit to a specially crafted link on a vulnerable web server. From there, attackers were able to run malicious code and take control of the application.

The vulnerability was present in all web applications based on Apache Struts versions from 2.3 up to and including 2.5.16. With a correct configuration file the application could be unexploitable, but the risk rose with even the slightest configuration change. The developers fixed the bug in Apache Struts 2.3.35 and 2.5.17.
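The two configuration conditions above can be checked mechanically. The following audit script is an added example, not code from the article or from the Apache Struts project: it parses a constructed struts.xml and a constructed JSP fragment, reports whether struts.mapper.alwaysSelectFullNamespace (the real Struts constant behind the alwaysSelectFullNamespace parameter) is enabled, lists packages whose namespace is missing or uses a wildcard, and lists s:url / s:action tags that carry no namespace attribute. The package names, action classes and file contents are invented for illustration.

```python
"""Audit a Struts 2 configuration for the two conditions described for
CVE-2018-11776.  Added example; sample inputs below are constructed."""
import re
import xml.etree.ElementTree as ET

# Constructed struts.xml: one package without a namespace, one with a
# wildcard namespace, one correctly scoped.
SAMPLE_STRUTS_XML = """
<struts>
  <constant name="struts.mapper.alwaysSelectFullNamespace" value="true"/>
  <package name="default" extends="struts-default">
    <action name="index" class="example.IndexAction"/>
  </package>
  <package name="wild" namespace="/*" extends="struts-default">
    <action name="any" class="example.AnyAction"/>
  </package>
  <package name="safe" namespace="/safe" extends="struts-default">
    <action name="ok" class="example.OkAction"/>
  </package>
</struts>
"""

# Constructed JSP fragment: two tags without a namespace attribute, one with.
SAMPLE_JSP = """
<s:url action="index" var="home"/>
<s:action name="any" executeResult="true"/>
<s:url namespace="/safe" action="ok" var="ok"/>
"""

FULL_NS_CONSTANT = "struts.mapper.alwaysSelectFullNamespace"
_TAG_RE = re.compile(r"<s:(url|action)\b([^>]*)>", re.IGNORECASE)


def full_namespace_enabled(struts_xml: str) -> bool:
    """True if the constant is explicitly set to true (Struts default is false)."""
    root = ET.fromstring(struts_xml)
    for const in root.iter("constant"):
        if const.get("name") == FULL_NS_CONSTANT:
            return const.get("value", "").strip().lower() == "true"
    return False


def risky_packages(struts_xml: str) -> list:
    """Packages whose namespace is absent, empty or contains a wildcard."""
    root = ET.fromstring(struts_xml)
    found = []
    for pkg in root.iter("package"):
        ns = pkg.get("namespace")
        if not ns:
            found.append((pkg.get("name"), "no namespace"))
        elif "*" in ns:
            found.append((pkg.get("name"), "wildcard namespace " + ns))
    return found


def risky_jsp_tags(jsp: str) -> list:
    """s:url / s:action tags that do not set a namespace attribute."""
    return [m.group(0) for m in _TAG_RE.finditer(jsp)
            if not re.search(r"\bnamespace\s*=", m.group(2))]


def audit(struts_xml: str, jsp: str) -> dict:
    """Combine the checks: exposure needs the constant AND an unscoped mapping."""
    enabled = full_namespace_enabled(struts_xml)
    pkgs = risky_packages(struts_xml)
    tags = risky_jsp_tags(jsp)
    return {
        "alwaysSelectFullNamespace": enabled,
        "risky_packages": pkgs,
        "risky_tags": tags,
        "exposed": enabled and (bool(pkgs) or bool(tags)),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_STRUTS_XML, SAMPLE_JSP)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the constructed samples the script reports the constant as enabled, flags the "default" and "wild" packages and the two unscoped tags, and marks the configuration as exposed; setting the constant to false clears the exposure flag even though the unscoped mappings remain, which mirrors the article's point that the fix is the patched version, not a configuration that happens to be safe today.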

TIOBE Index for June 2019 Released

Java is still on top, but experts noted fast growth in Python search queries and believe it could reach first place in 3-4 years.
13 June 2019

The June 2019 TIOBE Index has been released. Analysts noted a sharp increase in the share of searches for Python.

This month Python has reached again an all-time high in TIOBE index of 8.5%. If Python can keep this pace, it will probably replace C and Java in 3 to 4 years time, thus becoming the most popular programming language of the world. The main reason for this is that software engineering is booming. It attracts lots of newcomers to the field. Java's way of programming is too verbose for beginners. In order to fully understand and run a simple program such as "hello world" in Java you need to have knowledge of classes, static methods and packages. In C this is a bit easier, but then you will be hit in the face with explicit memory management. In Python this is just a one-liner.

Experts attributed Python's growing popularity to the influx of people into software development. Newcomers prefer Python because it is succinct and concise. According to the analysts, Java is too verbose for beginners, and C sooner or later forces them to understand the intricacies of memory management.