Message-Id: <C15C6A8A-1357-4FE7-9A69-B8B659D3A8D1@apache.org>
Date: Sat, 19 Apr 2014 14:03:18 +1000
From: Brett Porter <brett@...che.org>
To: "security@...che.org Team" <security@...che.org>, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution

CVE-2013-2251: Apache Archiva Remote Command Execution

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Archiva 1.3 to Continuum 1.3.6
- The unsupported versions Archiva 1.2 to 1.2.2 are also affected.

Description:
Apache Archiva is affected by a vulnerability in the version of the Struts library being used, which allows a malicious user to run code on the server remotely. More details about the vulnerability can be found at http://struts.apache.org/2.3.x/docs/s2-016.html.

Mitigation:
All users are recommended to upgrade to Archiva 2.0.1 or Archiva 1.3.8, which are not affected by this issue. Archiva 2.0.0 and later is not affected by this issue.

References:
http://archiva.apache.org/security.html