====================================================================
CERT-Renater Information Note No. 2016/VULN354
_____________________________________________________________________

DATE : 19/10/2016
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running Apache Struts versions 2.3.20 up to and including 2.3.30.
=====================================================================

http://struts.apache.org/docs/s2-042.html
____________________________________________________________________

Apache Struts 2 Documentation
S2-042

Summary
Possible path traversal in the Convention plugin

Who should read this
All Struts 2 developers and users

Impact of vulnerability
Possible path traversal in the Convention plugin in Struts 2.3.20 - 2.3.30

Maximum security rating
High

Recommendation
Upgrade to Struts 2.3.31 or to any version of Struts 2.5

Affected Software
Struts 2.3.20 - Struts 2.3.31

Reporter
Takeshi Terada of Mitsui Bussan Secure Directions, Inc.

CVE Identifier
CVE-2016-6795

Problem
It is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on the server side.

Solution
Upgrade to Apache Struts version 2.3.31 when you are using Struts 2.3.20 - 2.3.30 with the Convention plugin.

Backward compatibility
No backward incompatibility issues are expected.

Workaround
There is no known workaround for this vulnerability; please upgrade to the mentioned Struts versions.

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
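The advisory ties exposure to two conditions: a Struts 2.3 release in the range 2.3.20 up to and including 2.3.30, and the Convention plugin being deployed. The script below is an added example for triaging a deployment inventory against those two conditions; it is not code from CERT-Renater or from the Apache Struts project. It assumes the usual Struts jar naming convention `struts2-<module>-<version>.jar` (for instance `struts2-core-2.3.24.1.jar` and `struts2-convention-plugin-2.3.24.1.jar`), and the inventories it evaluates are constructed for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected range as stated in the advisory: Struts 2.3.20 up to and including 2.3.30.
AFFECTED_MAJOR_MINOR = (2, 3)
AFFECTED_PATCH_LOW, AFFECTED_PATCH_HIGH = 20, 30

# Assumed jar naming convention: struts2-<module>-<version>.jar
# Versions with qualifiers such as "-SNAPSHOT" are not matched and are skipped.
JAR_RE = re.compile(r"^struts2-(?P<module>[a-z0-9-]+?)-(?P<version>\d+(?:\.\d+)+)\.jar$")

# Remediation text taken from the advisory.
RECOMMENDATION = "Upgrade to Struts 2.3.31 or to any version of Struts 2.5"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '2.3.24.1' into (2, 3, 24, 1)."""
    return tuple(int(part) for part in version.split("."))


def is_affected_version(version: str) -> bool:
    """True when the version lies in the advisory's range 2.3.20 .. 2.3.30.

    Only the first three components decide: 2.3.24.1 is inside the range,
    2.3.3 and 2.3.31 are outside it, and every 2.5.x release is outside it.
    """
    parts = parse_version(version)
    if len(parts) < 3 or parts[:2] != AFFECTED_MAJOR_MINOR:
        return False
    return AFFECTED_PATCH_LOW <= parts[2] <= AFFECTED_PATCH_HIGH


def struts_modules(jar_names: List[str]) -> Dict[str, str]:
    """Map Struts module name -> version for every recognised struts2 jar."""
    found: Dict[str, str] = {}
    for name in jar_names:
        match = JAR_RE.match(name)
        if match:
            found[match.group("module")] = match.group("version")
    return found


def assess_inventory(jar_names: List[str]) -> Dict[str, object]:
    """Decide whether a deployment (given as its jar filenames) matches S2-042.

    The flaw is in the Convention plugin, so the plugin's own version is what
    is checked; a deployment without that plugin is reported as not affected,
    matching the advisory's 'with the Convention plugin' condition.
    """
    modules = struts_modules(jar_names)
    core: Optional[str] = modules.get("core")
    convention: Optional[str] = modules.get("convention-plugin")
    affected = convention is not None and is_affected_version(convention)
    return {
        "struts_core_version": core,
        "convention_plugin_version": convention,
        "affected": affected,
        "recommendation": RECOMMENDATION if affected else None,
    }


if __name__ == "__main__":
    # Constructed sample inventories, not taken from any real host.
    samples = {
        "app-a": ["struts2-core-2.3.24.1.jar", "struts2-convention-plugin-2.3.24.1.jar", "ognl-3.0.6.jar"],
        "app-b": ["struts2-core-2.3.24.1.jar", "ognl-3.0.6.jar"],
        "app-c": ["struts2-core-2.5.2.jar", "struts2-convention-plugin-2.5.2.jar"],
        "app-d": ["struts2-core-2.3.31.jar", "struts2-convention-plugin-2.3.31.jar"],
    }
    for host, jars in samples.items():
        result = assess_inventory(jars)
        print(f"{host}: affected={result['affected']} "
              f"core={result['struts_core_version']} convention={result['convention_plugin_version']}")
```

Running the sample, only `app-a` is flagged: it has the Convention plugin at a version inside the stated range, while `app-b` lacks the plugin, `app-c` is on 2.5 and `app-d` already carries the fixed 2.3.31 release.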