Apache Archiva is an extensible repository management software.
Apache Archiva is affected by following vulnerabilities:
- Apache Archiva is affected by a vulnerability in the version of the Struts library being used, which allows a malicious user to run code on the server remotely.
Archiva 1.3 to Archiva 1.3.6
The unsupported versions Archiva 1.2 to 1.2.2 are also affected.
A remote attacker can exploit these vulnerabilities to conduct cross-site scripting attacks or execute arbitrary OGNL expressions on the targeted system.
User are advised to upgrade to the latest version of software available. Latest version can be downloaded from here
Following are links for downloading patches to fix the vulnerabilities: