Security News > 2018 > November > Apache Struts 2.3.x vulnerable to two year old RCE flaw

Apache Struts 2.3.x vulnerable to two year old RCE flaw
2018-11-06 11:28

The Apache Software Foundation is urging users that run Apache Struts 2.3.x to update the Commons FileUpload library to close a serious vulnerability that could be exploited for remote code execution attacks. The probem Apache Struts 2 is a widely-used open source web application framework for developing Java EE web applications. The Commons FileUpload library is used to add file upload capabilities to servlets and web applications. The vulnerability (CVE-2016-1000031) is present in Commons FileUpload … More → The post Apache Struts 2.3.x vulnerable to two year old RCE flaw appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/WNi5j8htUNg/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2016-10-25 CVE-2016-1000031 Improper Access Control vulnerability in Apache Commons Fileupload
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
network
low complexity
apache CWE-284
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 544 711 366 1634