Skip to main content

Apache Structs Multiple Vulnerabilities

Last Update Date: 3 Jun 2016 17:38 Release Date: 3 Jun 2016 4211 Views

RISK: High Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

 Multiple vulnerabilities were identified in Apache Struct. A remote user can execute arbitrary code on the target system.
A remote user can cause denial of service conditions on the target system.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • CVE-2016-3093 affects version 2.0.0 - 2.3.24.1
  • CVE-2016-3087 affects version 2.3.20 - 2.3.28 (except 2.3.20.3 and 2.3.24.3)

 


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix

 


Vulnerability Identifier


Source


Related Link