Apache Struts 2 is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model–view–controller (MVC) architecture. The WebWork framework spun off from Apache Struts 1, aiming to offer enhancements and refinements while retaining the same general architecture of the original Struts framework. In December 2005, it was announced that WebWork 2.2 was adopted as Apache Struts 2, which reached its first full release in February 2007.[2]

Struts 2 has a history of critical security bugs,[3] many tied to its use of OGNL technology;[4] some vulnerabilities can lead to arbitrary code execution. In October 2017, it was reported that Equifax had failed to address a Struts 2 vulnerability advised in March 2017, which was later exploited in the data breach that Equifax disclosed in September 2017.[5][6]