Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

The version of Apache Struts running on the remote host is 2.x prior to 2.3.14.3. It, therefore, is affected by a remote command execution vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201409-04 (MySQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MySQL. Please review       the CVE identifiers referenced below for details.
  Impact :

    A local attacker could possibly gain escalated privileges. A remote       attacker could send a specially crafted SQL query, possibly resulting in       a Denial of Service condition. A remote attacker could entice a user to       connect to specially crafted MySQL server, possibly resulting in       execution of arbitrary code with the privileges of the process.
  Workaround :

    There is no known workaround at this time.

The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. Due to a flaw in the evaluation of an OGNL expression, a remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the remote web server by sending a specially crafted HTTP request.

Note that this plugin will only report the first vulnerable instance of a Struts 2 application.

ID	Name	Product	Family	Severity
117389	Apache Struts 2.x < 2.3.14.3 RCE (S2-015)	Nessus	Misc.	critical
77548	GLSA-201409-04 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
66931	Apache Struts 2 OGNL Expression Handling Double Evaluation Error Remote Command Execution	Nessus	CGI abuses	high

Detections

Analytics

CVE-2013-2134

high

Tenable Plugins

critical

high

high