Apache Struts 1 ClassLoader Manipulation

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote web server contains a web application that uses a Java
framework that is affected by a ClassLoader manipulation
vulnerability.

Description :

The remote web application appears to use Struts 1, a web application
framework. The version of Struts 1 in use contains a flaw that could
allow manipulation of the ClassLoader via the 'class' parameter of an
ActionForm object, which in turn could allow a denial of service
attack.

Note that this vulnerability may be exploited to execute arbitrary
remote code in certain application servers with specific
configurations; however, Nessus has not tested for this issue.

Additionally, note that this plugin will only report the first
vulnerable instance of a Struts 1 application.
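
A detection check for the 'class' parameter described above, added here as an example (it is not Tenable's plugin code or part of Struts): it flags logged requests whose parameter names contain a bean property-path segment named `class`. The log lines, the `.do` paths, the parameter names and all function names are constructed for illustration, and matching is case-insensitive by assumption so that it errs toward flagging.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Separators of nested (a.b), indexed (a[0]) and mapped (a(k)) property paths.
_SEPARATORS = re.compile(r"[.\[\]()'\"]+")
# Client address and request target from a combined-format access log line.
_REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')


def references_class_property(param_name):
    """True if any segment of the property path is exactly 'class'."""
    segments = [s for s in _SEPARATORS.split(param_name) if s]
    return any(s.lower() == "class" for s in segments)


def suspicious_params(url, body=""):
    """Parameter names from the query string and form body that reference 'class'."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return [name for name, _ in pairs if references_class_property(name)]


def scan_access_log(lines):
    """Return (line_number, client, names) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = _REQUEST.match(line)
        if not match:
            continue
        names = suspicious_params(match.group(2))
        if names:
            hits.append((number, match.group(1), names))
    return hits


# Constructed sample log lines (documentation addresses, placeholder parameters).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2014:10:00:00 +0000] "GET /app/login.do?username=alice&classroom=3b HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/May/2014:10:00:05 +0000] "GET /app/login.do?class.placeholder.value=1 HTTP/1.1" 500 0',
    '192.0.2.77 - - [01/May/2014:10:00:09 +0000] "POST /app/save.do?item%5B0%5D.Class.placeholder=1 HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/May/2014:10:00:12 +0000] "GET /app/list.do?subclass=x&style.className=y HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, client, names in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {client} sent {names}")
```

Access logs normally record only the query string, so form-encoded POST bodies have to be passed to `suspicious_params` from a source that captures them.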

See also :

http://seclists.org/bugtraq/2014/Apr/177
https://bugzilla.redhat.com/show_bug.cgi?id=1091938
https://access.redhat.com/site/solutions/869353
http://struts.apache.org/struts1eol-announcement.html
http://www.nessus.org/u?f383505d

Solution :

Unknown at this time. Note that Struts 1 has reached end-of-life and
is no longer supported.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Denial of Service

Nessus Plugin ID: 73919

Bugtraq ID: 67121

CVE ID: CVE-2014-0114