Apache Struts Incomplete Fix Remote Code Execution Vulnerability

Apache Struts is prone to a remote code-execution vulnerability.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.

Apache Struts 2.0.0 through 2.3.28.1 are vulnerable.

Note: This issue is the result of an incomplete fix for CVE-2016-0785 described in 85066 (Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability).


 

Privacy Statement
Copyright 2010, SecurityFocus