Date: Tue, 14 Jan 2014 17:18:24 -0600 (CST)
From: security curmudgeon <>
To: Maksymilian A <>
Subject: Re: CVE Request: Apache Archiva Remote Command Execution 0day

: Please assign CVE for Apache Archiva 0day

From that link:

Apache Archiva use Apache Struts2:
  "In Struts 2 before the information following "action:", 
"redirect:" or "redirectAction:" is not properly sanitized. Since said 
information will be evaluated as OGNL expression against the value stack, 
this introduces the possibility to inject server side code."


^ All that is CVE-2013-2251.
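
An added detection example, not part of the original message or of any Apache project code: it scans web access log lines for query parameters whose names start with the three prefixes named in the quoted advisory text and whose remainder is not a plain action name. The log format, the `/archiva/...` paths, the sample lines and the "plain action name" character set are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter-name prefixes named in the quoted Struts 2 advisory text.
PREFIXES = ("action:", "redirect:", "redirectAction:")
# Assumed shape of a legitimate action name; anything else after a prefix is flagged.
PLAIN_NAME = re.compile(r"^[A-Za-z0-9_./!-]*$")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return prefixed parameter names whose remainder is not a plain action name."""
    hits = []
    query = urlsplit(url).query
    # keep_blank_values=True keeps parameters that have no "=value" part.
    for name, _ in parse_qsl(query, keep_blank_values=True):
        for prefix in PREFIXES:
            if name.startswith(prefix) and not PLAIN_NAME.match(name[len(prefix):]):
                hits.append(name)  # name is already URL-decoded by parse_qsl
    return hits

def scan(lines):
    """Return (line_number, parameter_names) for log lines that need review."""
    results = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                results.append((number, hits))
    return results

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jan/2014:17:00:01 -0600] "GET /archiva/index.action HTTP/1.1" 200 512',
    '192.0.2.11 - - [14/Jan/2014:17:00:02 -0600] "GET /archiva/save.action?action:cancel= HTTP/1.1" 200 512',
    '192.0.2.12 - - [14/Jan/2014:17:00:03 -0600] "GET /archiva/index.action?redirect:%24%7Bexample%7D HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(number, names)
```

Access logs record only the request line, so parameters sent in a POST body are not covered by this check and need inspection at a proxy or WAF instead.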
