CVE-2010-1870 Apache Archiva affected by Struts2 remote commands execution Severity: Important
Vendor: The Apache Software Foundation Versions Affected: - Archiva 1.3 to Continuum 1.3.5 - The unsupported versions Archiva 1.2 to 1.2.2 are also affected. Description: Apache Archiva is affected by a vulnerability in the version of the Struts library being used, which allows a malicious user to run code on the server remotely. More details about the vulnerability can be found at http://struts.apache.org/2.2.1/docs/s2-005.html. Mitigation: All users of affected versions are recommended to upgrade to Archiva 1.3.6, which configures Struts in such a way that it is not affected by this issue. References: http://archiva.apache.org/security.html -- Brett Porter [email protected] http://brettporter.wordpress.com/ http://au.linkedin.com/in/brettporter http://twitter.com/brettporter
