www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Porter <br...@apache.org>
Subject [SECURITY] CVE-2010-1870 Apache Continuum affected by Struts2 remote commands execution
Date Mon, 07 Jan 2013 04:32:39 GMT
CVE-2010-1870 Apache Continuum affected by Struts2 remote commands execution

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Continuum 1.3.1 to Continuum 1.3.8
- Continuum 1.4.0 (Beta)

Description:
Apache Continuum is affected by a vulnerability in the version of the
Struts library being used, which allows a malicious user to run code on the
server remotely. More details about the vulnerability can be found at
http://struts.apache.org/2.2.1/docs/s2-005.html.

Mitigation:
All users of affected versions are recommended to upgrade to Continuum 1.4.1, which configures
Struts in such a way that it is not affected by this issue.

References:
http://continuum.apache.org/security.html

--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter
http://twitter.com/brettporter






Mime
View raw message