Apache Struts CVE-2018-11776 Results With No Namespace Remote Code Execution (S2-057) (remote)
Critical Nessus Plugin ID 112064
The remote web server contains a web application that uses a Java framework that is affected by a remote code execution vulnerability.
The version of Apache Struts running on the remote host is affected by a remote code execution vulnerability in the handling of results with no namespace set. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to potentially execute arbitrary code, subject to the privileges of the web server user.
Upgrade to Apache Struts version 2.3.35 / 2.5.17 or later.