Apache Struts 2.x < 188.8.131.52 Broken Access Control Vulnerability (S2-018)
Medium Nessus Plugin ID 117391
Synopsis
A web application running on the remote host uses a Java framework
that is affected by a broken access control vulnerability.
Description
The version of Apache Struts running on the remote host is 2.x
prior to 184.108.40.206. It, therefore, is affected by a broken access
control vulnerability which can be used to bypass security constraints.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 220.127.116.11 or later or follow the
vendor's instructions to disable Dynamic Method Invocation (DMI).