CVE-2010-1870 Apache Continuum affected by Struts2 remote commands execution
Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Continuum 1.3.1 to Continuum 1.3.8
- Continuum 1.4.0 (Beta)

Description:
Apache Continuum is affected by a vulnerability in the version of the Struts library being used, which allows a malicious user to run code on the server remotely. More details about the vulnerability can be found at http://struts.apache.org/2.2.1/docs/s2-005.html.

Mitigation:
All users of affected versions are recommended to upgrade to Continuum 1.4.1, which configures Struts in such a way that it is not affected by this issue.

References:
http://continuum.apache.org/security.html

--
Brett Porter
[email protected]
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter
http://twitter.com/brettporter
