SQL Injection Vulnerabilities in Apache Jetspeed User Manager Service

SQL Injection Vulnerabilities in Apache Jetspeed User Manager Service

CVE-2016-0710 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

Learn more about our Cis Benchmark Audit For Apache Http Server.