Apache Struts Incomplete Fix Remote Code Execution Vulnerability

Apache Struts is prone to a remote code-execution vulnerability.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.

Apache Struts 2.0.0 through are vulnerable.

Note: This issue is the result of an incomplete fix for CVE-2016-0785 described in 85066 (Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability).


Privacy Statement
Copyright 2010, SecurityFocus