This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote web server contains a web application that uses a Java
framework that is affected by a security bypass vulnerability.
The remote web application appears to use Struts 2, a web framework
that utilizes OGNL (Object-Graph Navigation Language) as an expression
language. The version of Struts 2 in use is affected by a security
bypass vulnerability, possibly due to an incomplete fix for
ClassLoader manipulation implemented in version 220.127.116.11.
Note that this plugin will only report the first vulnerable instance
of a Struts 2 application.
Upgrade to version 18.104.22.168 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: Denial of Service
Nessus Plugin ID: 73763
Bugtraq ID: 67064, 67081
CVE ID: CVE-2014-0112, CVE-2014-0113