Apache Struts Config Browser Plugin Detection

Medium Nessus Plugin ID 122235

Synopsis

Detects the Apache Struts Config Browser Plugin on the remote host.

Description

The Apache Struts Config Browser Plugin, a simple tool to help view an application's configuration at runtime, was detected on the remote host.

This plugin should be used only during the development phase, and access to it should be strictly restricted.

Solution

Ensure proper restrictions are in place, or remove the Config Browser Plugin if it is not required.

See Also

https://struts.apache.org/plugins/config-browser/

Plugin Details

Severity: Medium

ID: 122235

File Name: struts_config_browser_detect.nbin

Version: 1.17

Type: remote

Family: CGI abuses

Published: 2019/02/15

Updated: 2019/12/03

Dependencies: 10107, 67257

Risk Information

Risk Factor: Medium

CVSS Score Source: manual

CVSS Score Rationale: Information disclosure

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apache:struts

Excluded KB Items: Settings/disable_cgi_scanning