Apache Struts 2.0.x < 2.0.12 Multiple Vulnerabilities (S2-003) (S2-004)
Critical Nessus Plugin ID 117390
Synopsis
A web application running on the remote host uses a Java framework
that is affected by multiple vulnerabilities.
Description
The version of Apache Struts running on the remote host is 2.0.x
prior to 2.0.12. It is, therefore, affected by a possible
OGNL expression execution vulnerability due to improper validation
of user-supplied input by the ParameterInterceptor class. Additionally,
the application may also be affected by a possible directory
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.0.12 or later.