Detections
Analytics

Apache Struts 2.0.x < 2.0.12 / 2.1.x < 2.1.6 Directory Traversal Vulnerability (S2-004)

medium Nessus Plugin ID 128766

Language:

Synopsis

A web application running on the remote host uses a Java framework that is affected by a directory traversal vulnerability.

Description

The version of Apache Struts running on the remote host is 2.0.x prior to 2.0.12 or 2.1.x prior to 2.1.6. It is, therefore, affected by a directory traversal vulnerability in FilterDispatcher (in 2.0) and DefaultStaticContentLoader (in 2.1) due to inadequate restrictions. A remote, unauthenticated attacker can exploit this to traverse the directory structure and download arbitrary files.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Struts version 2.0.12 / 2.1.6 or later

See Also

https://cwiki.apache.org/confluence/display/WW/S2-004

Plugin Details

Severity: Medium

ID: 128766

File Name: struts_2_1_6.nasl

Version: 1.4

Type: combined

Agent: windows, macosx, unix

Family: Misc.

Published: 9/13/2019

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Directory traversal

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apache:struts

Patch Publication Date: 6/22/2007

Vulnerability Publication Date: 6/22/2008