Apache Structs Multiple Vulnerabilities

Last Update Date: 21 Jun 2016 09:32 Release Date: 21 Jun 2016 3729 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities were identified in Apache Structs. A remote user can exploit these vulnerabilities to perform remote code execution and CSRF (Cross-site request forgery) attack on the target system.

Impact

Remote Code Execution
Security Restriction Bypass

System / Technologies affected

Struts 2.0.0 - Struts 2.3.28.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

The vendor has issued a fix (upgrade to Struts 2.3.29 or 2.5.1)

Vulnerability Identifier

CVE-2016-4465
CVE-2016-4438
CVE-2016-4436
CVE-2016-4433
CVE-2016-4431
CVE-2016-4430
CVE-2016-0785

Source

AusCERT