CVE-2010-1870 Apache Archiva affected by Struts2 remote commands execution
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Archiva 1.3 to Continuum 1.3.5
- The unsupported versions Archiva 1.2 to 1.2.2 are also affected.
Description:
Apache Archiva is affected by a vulnerability in the version of the
Struts library being used, which allows a malicious user to run code on the
server remotely. More details about the vulnerability can be found at
http://struts.apache.org/2.2.1/docs/s2-005.html.
Mitigation:
All users of affected versions are recommended to upgrade to Archiva 1.3.6, which configures
Struts in such a way that it is not affected by this issue.
References:
http://archiva.apache.org/security.html
--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter
http://twitter.com/brettporter
|