Skip to main content

Apache Struts 2 Convention Plugin Vulnerability

Last Update Date: 20 Oct 2016 15:09 Release Date: 20 Oct 2016 2767 Views

RISK: Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

A vulnerability has been identified in Apache Struts 2, which could be exploited by remote attacker to use for path traversal and execution of arbitrary code on server side.


Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Struts  2.3.20 - 2.3.30

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Upgrade to Apache Struts versions 2.3.31 or to any version of Struts 2.5.

Vulnerability Identifier


Source


Related Link