Detections
Analytics

Apache Struts 2 devMode Information Disclosure

medium Nessus Plugin ID 34947

Language:

Synopsis

The remote web server contains a Java framework that is configured to operate in debug mode.

Description

The remote web server is using Apache Struts 2, a web application framework for developing Java EE web applications.

The version of Apache Struts 2 installed on the remote host is configured to operate in development mode (devMode). While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Struts, Java, and other related items on the remote host.

Solution

If this server is used in a production environment, disable development mode.

See Also

http://struts.apache.org/docs/devmode.html

http://struts.apache.org/docs/debugging.html

Plugin Details

Severity: Medium

ID: 34947

File Name: struts_devmode.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 11/24/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apache:struts