I've just found a number of new jsp pages on a web app we developed. There was a text file relating to the K8 Struts2 Exploit. We contacted the client and updated the files, but I'd like to know if anybody has further information about this exploit.
Basically do we tell the client to wipe the server and reinstall everything or is the update to the web app enough. Z.
