[Owasp-bhubaneswar] Apache Struts 2 Remotely Exploitable Vulnerability

Somen Das somen.das at owasp.org
Fri Jul 19 19:02:29 UTC 2013


Remotely exploitable vulnerabilities have been detected in Apache Struts 2.
If successfully exploited, these vulnerabilities would allow remote
command execution.

The following versions of Apache Struts 2 are vulnerable:

· Struts 2.0.0 - Struts 2.3.14 (Apache vulnerability S2-013)

· Struts 2.0.0 - Struts 2.3.15 (Apache vulnerability S2-016)

*Mitigation:* If you are running a vulnerable version, you are strongly
urged to update Struts 2 to version 2.3.15.1, which corrects the issue.

*References:*

· http://struts.apache.org/development/2.x/docs/s2-013.html

· http://struts.apache.org/release/2.3.x/docs/s2-016.html

· http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1966

· http://www.securityfocus.com/bid/60166/info


*Thanks & stay secure,*

*Somen*

*OWASP Bhubaneswar Chapter Lead*
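
An added example, not part of the original message: a Python check that finds Struts 2 core jars under a directory and reports which of the two advisories above apply, using the version ranges as listed. The jar naming pattern (`struts2-core-<version>.jar`) and all function names are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Inclusive version ranges exactly as listed in the advisory above.
ADVISORIES = {
    "S2-013": ((2, 0, 0), (2, 3, 14)),
    "S2-016": ((2, 0, 0), (2, 3, 15)),
}
FIXED_IN = "2.3.15.1"  # upgrade target named in the mitigation

# Assumption: the library is deployed under its Maven-style file name.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)(?:[-.].*)?\.jar$")

def parse_version(jar_name):
    """Return the version as a tuple of ints, or None if not a Struts 2 core jar."""
    m = JAR_RE.match(jar_name)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def _pad(version, width=4):
    # Pad so that 2.3.15 and 2.3.15.1 compare component by component.
    return tuple(version) + (0,) * (width - len(version))

def affected_by(version):
    """Return the sorted advisory ids whose range contains this version."""
    v = _pad(version)
    return sorted(a for a, (lo, hi) in ADVISORIES.items()
                  if _pad(lo) <= v <= _pad(hi))

def scan(root):
    """Map each vulnerable struts2-core jar found under root to its advisories."""
    findings = {}
    for jar in Path(root).rglob("struts2-core-*.jar"):
        version = parse_version(jar.name)
        hits = affected_by(version) if version else []
        if hits:
            findings[str(jar)] = hits
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, hits in sorted(scan(sys.argv[1]).items()):
            print(f"{path}: {', '.join(hits)} -> update to {FIXED_IN}")
    else:
        # Constructed sample file names, used when no directory is given.
        for name in ("struts2-core-2.3.14.jar", "struts2-core-2.3.15.jar",
                     "struts2-core-2.3.15.1.jar"):
            print(name, affected_by(parse_version(name)) or "not in listed ranges")
```

Run it with a deployment directory as the only argument (for example an application server's webapps folder) to list the jars that need the update.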