This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote web server contains a web application that uses a Java
framework that is affected by a remote code execution vulnerability.
The remote web application appears to use the Apache Struts 2 web
framework. A remote code execution vulnerability exists in the REST
plugin, which uses XStreamHandler to insecurely deserialize
user-supplied input in XML requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted XML request, to
execute arbitrary code.
Note that this plugin only reports the first vulnerable instance of a
Struts 2 application.
See also :
Upgrade to Apache Struts version 2.3.34 or 2.5.13 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true