Main Vulnerability Database SB2017092010

SB2017092010 - Remote code execution in Apache Struts

Published: September 20, 2017

Security Bulletin ID SB2017092010

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2016-6795)

The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to insufficient input validation. By submitting a specially crafted URL, attackers can perform a path traversal attack that may lead to arbitrary code execution.
Successful exploitation of the vulnerability resuts in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

References

https://cwiki.apache.org/confluence/display/WW/S2-042