Apache Struts Config Browser Plugin Detection

medium Nessus Plugin ID 122235

Synopsis

Detects the Apache Struts Config Browser Plugin on the remote host.

Description

The Apache Struts Config Browser Plugin, a simple tool to help view an application's configuration at runtime, was detected on the remote host.

This plugin should be used only during the development phase, and access to it should be strictly restricted.

Solution

Ensure proper restrictions are in place, or remove the Config Browser Plugin if it is not required.

See Also

https://struts.apache.org/plugins/config-browser/

Plugin Details

Severity: Medium

ID: 122235

File Name: struts_config_browser_detect.nbin

Version: 1.55

Type: remote

Family: CGI abuses

Published: 2/15/2019

Updated: 8/2/2022

Asset Inventory: true

Risk Information

CVSS Score Rationale: Information disclosure

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apache:struts

Excluded KB Items: Settings/disable_cgi_scanning

Reference Information

IAVT: 0001-T-0534