Apache Struts 2.x < 220.127.116.11 RCE (S2-007)
Critical Nessus Plugin ID 117392
SynopsisA web application running on the remote host uses a Java framework that is affected by a possible remote code execution.
DescriptionThe version of Apache Struts running on the remote host is 2.x prior to 18.104.22.168. It, therefore, is affected by a possible remote code execution vulnerability when user-supplied input is evaluated as an OGNL expressions when there is a conversion error.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Apache Struts version 22.214.171.124 or later