Apache Struts Unsupported Version Detection

Critical Nessus Plugin ID 117461

Synopsis

The remote host contains an unsupported version of Apache Struts.

Description

According to its version, the installation of Apache Struts on the remote host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Solution

Upgrade to a version of Apache Struts that is currently supported.

See Also

https://struts.apache.org/struts1eol-announcement.html

Plugin Details

Severity: Critical

ID: 117461

File Name: struts_unsupported.nasl

Version: 1.1

Type: local

Family: Misc.

Published: 2018/09/13

Modified: 2018/09/13

Dependencies: 99671, 73943, 11936

Risk Information

Risk Factor: Critical

CVSS Score Source: manual

CVSS Score Rationale: The product is no longer supported by vendor

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:apache:struts

Required KB Items: Settings/ParanoidReport