CVE-2010-1870: Struts2 remote commands execution

[Meder Kydyraliev <meder () o0o nu>]

Struts2, Java web framework, is vulnerable to remote commands execution due
to a vulnerability in XWork's ParametersInterceptor, which is enabled by
default in Struts2 and WebWork applications. Full vulnerability details and
mitigation recommendations are available here:
http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html

Cheers,
Meder

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/