Apache Struts 2.3.x vulnerable to two year old RCE flaw

2018-11-06 11:28

The Apache Software Foundation is urging users that run Apache Struts 2.3.x to update the Commons FileUpload library to close a serious vulnerability that could be exploited for remote code execution attacks. The probem Apache Struts 2 is a widely-used open source web application framework for developing Java EE web applications. The Commons FileUpload library is used to add file upload capabilities to servlets and web applications. The vulnerability (CVE-2016-1000031) is present in Commons FileUpload … More → The post Apache Struts 2.3.x vulnerable to two year old RCE flaw appeared first on Help Net Security.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/WNi5j8htUNg/

#apache #apachestruts #RCE #struts #CVE-2016-1000031

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2016-10-25	CVE-2016-1000031	Improper Access Control vulnerability in Apache Commons Fileupload Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution network low complexity apache CWE-284 critical	9.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apache		295	58	843	629	289	1819