Apache Struts is an open-source web application framework used for creating Java EE web applications. It became a top-level Apache project in 2005.
Without Apache Struts, a standard Java EE web application receives information on the server through a web form submitted by a client or similar user. The information is then handed to a Java Servlet or to JavaServer Pages. In the Java Servlet, the submitted information is used to interact with a database and to create a response in HTML. Similarly, JavaServer Pages can be used to blend Java code and HTML for the same result.
Since these approaches mix presentation with application logic, they can make maintenance difficult for large projects. Apache Struts is used to help amend that.
Apache Struts helps fix the problems created by a standard Java EE web application by separating the model (the application logic that interacts with a database) from the view (HTML pages shown to the client) and from the controller (information that passes between the model and view). Struts provides the controller and promotes the writing of templates for the presentation layer, or view. The programmer needs to write the model code and create a central configuration file that binds together the model, view, and controller.
In 2017, it was discovered that certain versions of the Apache Struts 2 Framework (Struts 2.3.5 – 2.3.31 and 2.5 – 2.5.10) were vulnerable to remote code execution attacks. This allowed attackers to deliver malicious payloads. To prevent these attacks, it was recommended to upgrade to Apache Struts version 2.3.32 or 2.5.10.1.
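To find deployments that still bundle a release in the affected ranges above, the following added example (not part of the original page or of Apache Struts) scans a directory tree and any WAR/EAR archives in it for `struts2-core` jars. It assumes the jar keeps its Maven file name `struts2-core-<version>.jar`; the function names and the sample WAR are constructed for illustration.

```python
import io
import re
import zipfile
from pathlib import Path
# Vulnerable ranges as stated on this page (inclusive bounds).
VULNERABLE_RANGES = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]
# Assumption: the jar keeps its Maven artifact name struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")

def is_vulnerable(version):
    """Compare as integer tuples, so 2.5.10.1 sorts after 2.5.10."""
    v = tuple(int(part) for part in version.split("."))
    return any(low <= v <= high for low, high in VULNERABLE_RANGES)

def flag(names, prefix=""):
    """Return (location, version) for each vulnerable struts2-core jar name."""
    found = ((n, JAR_RE.search(n)) for n in names)
    return [(prefix + n, m.group(1)) for n, m in found if m and is_vulnerable(m.group(1))]

def scan_archive(data, label):
    """Scan WAR/EAR bytes, descending into nested archives (a WAR inside an EAR)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        hits = flag(names, label + "!")
        for name in names:
            if name.lower().endswith((".war", ".ear")):
                hits += scan_archive(zf.read(name), f"{label}!{name}")
    return hits

def scan_tree(root):
    """Walk a deployment directory: loose jars plus jars bundled in WAR/EAR files."""
    hits = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        if path.suffix.lower() in (".war", ".ear"):
            hits += scan_archive(path.read_bytes(), str(path))
        else:
            hits += flag([path.name], str(path.parent) + "/")
    return hits

def constructed_war(*versions):
    """Constructed sample input: an in-memory WAR holding empty placeholder jars."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for v in versions:
            zf.writestr(f"WEB-INF/lib/struts2-core-{v}.jar", b"")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_archive(constructed_war("2.3.31", "2.3.32"), "shop.war"))
```

A jar that was renamed or repackaged into a shaded archive will not match the file-name pattern, so an empty result is not proof that Struts is absent.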
Learn more about the Apache Struts 2 vulnerabilities and how to protect your applications.