Apache Struts 2.3.x vulnerable to two year old RCE flaw

The Apache Software Foundation is urging users that run Apache Struts 2.3.x to update the Commons FileUpload library to close a serious vulnerability that could be exploited for remote code execution attacks.

Apache Struts 2 is a widely-used open source web application framework for developing Java EE web applications. The Commons FileUpload library is used to add file upload capabilities to servlets and web applications. The vulnerability (CVE-2016-1000031) is present in Commons FileUpload versions before 1.3.3, and arose due to the inclusion of a Java Object that can be manipulated to write or copy files to disk in arbitrary locations.

Read more about the Apache Struts flaw on Help Net Security.