Risks
Advisories
Browse
or
or
Apache Archiva - Apache Archiva affected by Struts2 remote commands execution (CVE-2010-1870)
CVE-2010-1870 Apache Archiva affected by Struts2 remote commands execution

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Archiva 1.3 to Continuum 1.3.5
- The unsupported versions Archiva 1.2 to 1.2.2 are also affected.

Description:
Apache Archiva is affected by a vulnerability in the version of the
Struts library being used, which allows a malicious user to run code on the
server remotely. More details about the vulnerability can be found at
http://struts.apache.org/2.2.1/docs/s2-005.html.

Mitigation:
All users of affected versions are recommended to upgrade to Archiva 1.3.6, which
configures
Struts in such a way that it is not affected by this issue.

References:
http://archiva.apache.org/security.html




Spotlight

Fighting malware, emerging threats and AI

Posted on 24 November 2014.  |  Liran Tancman is the CEO of CyActive, a predictive cyber security company. In this interview he talks about fighting malware, emerging threats, artificial intelligence and the cloud.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Nov 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //