This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote web server hosts a web application that uses a Java
framework that contains incorrect default exclude patterns.
The remote web server is using Apache Struts version 2.3.20. It is,
therefore, affected by an issue where the default exclude patterns are
incorrect when using default settings. This allows a remote attacker
to impact the internal application's state.
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.
See also :
Upgrade to Apache Struts version 188.8.131.52 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false