Ars Technica: Exploit goes public for severe bug affecting high-impact sites

Ars Technica: Exploit goes public for severe bug affecting high-impact sites. “Banks, insurance companies, and Fortune 500 corporations take note: attack code has just gone public for a hard-to-patch vulnerability that hackers can exploit to take control of your website. The critical vulnerability is located in Apache Struts 2, an open-source framework that large numbers of enterprise-grade organizations use to develop customer-facing Web applications. The bug, which has been active since 2008, allows end users to execute malicious code or commands by plugging maliciously modified data into search boxes or similar features hosted on the site.”