Security News > 2018 > November > Apache Struts 2.3.x vulnerable to two year old RCE flaw
The Apache Software Foundation is urging users that run Apache Struts 2.3.x to update the Commons FileUpload library to close a serious vulnerability that could be exploited for remote code execution attacks. The probem Apache Struts 2 is a widely-used open source web application framework for developing Java EE web applications. The Commons FileUpload library is used to add file upload capabilities to servlets and web applications. The vulnerability (CVE-2016-1000031) is present in Commons FileUpload … More → The post Apache Struts 2.3.x vulnerable to two year old RCE flaw appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/WNi5j8htUNg/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-25 | CVE-2016-1000031 | Improper Access Control vulnerability in Apache Commons Fileupload Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution | 9.8 |