CVE-2010-1870 Apache Archiva affected by Struts2 remote commands execution

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Archiva 1.3 to Continuum 1.3.5
- The unsupported versions Archiva 1.2 to 1.2.2 are also affected.

Description:
Apache Archiva is affected by a vulnerability in the version of the Struts library being used, which allows a malicious user to run code on the server remotely. More details about the vulnerability can be found at http://struts.apache.org/2.2.1/docs/s2-005.html.

Mitigation:
All users of affected versions are recommended to upgrade to Archiva 1.3.6, which configures Struts in such a way that it is not affected by this issue.

References:
http://archiva.apache.org/security.html