CVE-2016-15057 | THREATINT

Description

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the server. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2026-01-23 | Published 2026-01-26 | Updated 2026-01-26 | Assigner apache

Problem types

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status

unaffected

Any version before *

affected

References

www.openwall.com/lists/oss-security/2026/01/26/1

lists.apache.org/thread/hbvf1ztqw2kv51khvzm5nk3mml3nm4z1 vendor-advisory

cve.org (CVE-2016-15057)

nvd.nist.gov (CVE-2016-15057)

Download JSON