This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote web server contains a web application that uses a Java
framework that is affected by a ClassLoader manipulation
The remote web application appears to use Struts, a web application
framework. The version of Struts in use contains a flaw that allows
the manipulation of the ClassLoader via the 'class' parameter of an
ActionForm object that results in a denial of service.
Note that this vulnerability may be exploited to execute arbitrary
remote code in certain application servers with specific
however, Nessus has not tested for this issue.
Additionally, note that this plugin will only report the first
vulnerable instance of a Struts application.
See also :
Unknown at this time. Note that Struts 1 has reached end-of-life and
is no longer supported.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Family: Denial of Service
Nessus Plugin ID: 73919
Bugtraq ID: 67121
CVE ID: CVE-2014-0114