This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote web server contains a web application that uses a Java
framework that is affected by a security bypass vulnerability.
The remote web application appears to use Struts2, a web framework
that utilizes OGNL (Object-Graph Navigation Language) as an expression
language. The version of Struts2 in use is affected by a security
bypass vulnerability, possibly due to an incomplete fix for ClassLoader
manipulation implemented in version 18.104.22.168.
Note that this plugin will only report the first vulnerable instance
of a Struts2 application.
See also :
Upgrade to version 22.214.171.124 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true