Apache Struts 2.x < 2.3.18 Multiple Critical Vulnerabilities (S2-008)

critical Nessus Plugin ID 117404

Synopsis

A web application running on the remote host uses a Java framework that is affected by multiple critical vulnerabilities.

Description

The version of Apache Struts running on the remote host is 2.x prior to 2.3.18. It, therefore, is affected by multiple critical vulnerabilities:

- A remote code execution vulnerability exists in ExceptionDelegator due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this issue, to bypass authentication and execute arbitrary commands.

- A remote code execution vulnerability exists in CookieInterceptor due to improper validation for parameter names. An unauthenticated, remote attacker can exploit this issue, to execute arbitrary system commands with static method access to Java functions.

- An arbitrary file write vulnerability exists in ParameterInterceptor due to improper access restrictions. An unauthenticated, remote attacker can exploit this issue, to create and overwrite arbitrary files.

- A remote code execution vulnerability exists in DebugginInterceptor when running in developer mode. An unauthenticated, remote attacker can exploit this issue, to execute arbitrary commands.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Struts version 2.3.18 or later

See Also

http://www.nessus.org/u?ecedf586

Plugin Details

Severity: Critical

ID: 117404

File Name: struts_2_3_1_1.nasl

Version: 1.5

Type: combined

Agent: windows, macosx, unix

Family: Misc.

Published: 9/11/2018

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Remote command execution

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:apache:struts

Patch Publication Date: 1/2/2012

Vulnerability Publication Date: 1/2/2012