This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Windows host contains a web application that uses a Java
framework that is affected by a denial of service vulnerability.
The version of Apache Struts running on the remote Windows host is
2.5.x prior to 2.5.8. It is, therefore, potentially affected by a
denial of service vulnerability in the URLValidator class due to
improper handling of user-supplied input to the form field. An
unauthenticated, remote attacker can exploit this, via a specially
crafted URL, to overload server processes.
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.
See also :
Upgrade to Apache Struts version 2.5.8 or later. Alternatively,
apply the workaround referenced in the vendor advisory.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true