|
|||
Release Date:2016/08/22
Attack Name:WEB Apache Continuum Arbitrary Command Execution -2 (CVE-2006-unknown)
Severity:
BUG ID:
CVE ID:
Description:
|
A command injection was found in Apache Continuum <= 1.4.2. By injecting a command into the installation.varValue POST parameter to /continuum/saveInstallation.action, a shell can be spawned.
Impact:Remote code execution
Affected System:Windows, Linux, FreeBSD, Solaris, Other Unix
Additional References:EDB-39886; CVE-2006-unknown; msf
Solution:
|
Update vendor's patch.