Struts2, Java web framework, is vulnerable to remote commands execution due to a vulnerability in XWork's ParametersInterceptor, which is enabled by default in Struts2 and WebWork applications. Full vulnerability details and mitigation recommendations are available here: http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
Cheers, Meder
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
