This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote Windows host contains a web application that uses a Java
framework that is affected by a remote manipulation vulnerability.
The version of Apache Struts installed on the remote Windows host is
version 2.x prior to 126.96.36.199. It is, therefore, affected by a remote
manipulation vulnerability due to incorrect handling of the 'top'
object. An unauthenticated, remote attacker can exploit this, via a
specially crafted request, to manipulate internal components
and container settings.
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.
See also :
Upgrade to Apache Struts version 188.8.131.52 or later. Alternatively,
apply the workaround referenced in the vendor advisory.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true