Threat Post

Apache Warns of Faulty Zero Day Patch for Struts

UPDATE – The Apache Software Foundation will re-issue at patch for a ClassLoader manipulation zero-day vulnerability in Struts. The fix is expected to be ready within 72 hours; a workaround is ...
TheServerSide

Struts 2 development with the Eclipse IDE tutorial

Community driven content discussing all aspects of software development from DevOps to design patterns. Apache Struts is one of the most popular web development frameworks in the history of the Java ...
InfoWorld

Mix protocols transparently in Struts

Sponsored by the Apache Software Foundation, Struts is an open source framework developed by the Jakarta Project. As stated on its homepage, Struts encourages architectures based on the ...
Ars Technica

Serving xml files in a java/struts webapp?

I'm no Struts expert, but my guess is that Struts adds a Servlet Mapping for anything in the context that ends in .xml.
Threat Post

PoC Exploit Targeting Apache Struts Surfaces on GitHub

Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2. Proof-of-concept exploit code surfaced on GitHub on Friday, ...
Ars Technica

In-the-wild exploits ramp up against high-impact sites using Apache Struts

Eight days after developers patched a critical flaw in the Apache Struts Web application framework, there has been no let-up in the volley of attacks attempting to exploit the vulnerability, which ...