This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote Windows host contains a web application that uses a Java
framework that is affected by multiple vulnerabilities.
The version of Apache Struts running on the remote Windows host is 2.x
prior to 2.3.28. It is, therefore, affected by the following
- A remote code execution vulnerability exists due to
double OGNL evaluation of attribute values assigned to
certain tags. An unauthenticated, remote attacker can
exploit this, via a specially crafted request, to
execute arbitrary code. (CVE-2016-0785)
- A cross-site scripting vulnerability exists due to
improper validation of user-supplied input when using
the I18NInterceptor. A remote attacker can exploit this,
via a specially crafted request, to execute arbitrary
script code in a user's browser session. (CVE-2016-2162)
- A denial of service vulnerability exists in the
Object-Graph Navigation Language (OGNL) component due to
a flaw in the implementation of the cache for stored
method references. A context-dependent attacker can
exploit this to block access to arbitrary websites.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
See also :
Upgrade to Apache Struts version 2.3.28 or later. Alternatively,
apply the workaround referenced in the vendor advisory.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false