Apache Struts 2.5.0 < 2.5.33 / 6.0.0 < 6.3.0.2 Remote Code Execution (S2-066)

critical Nessus Plugin ID 186643

Language:

Version 1.5 Feb 15, 2024, 5:03 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202402151703
Version 1.4 Feb 15, 2024, 2:29 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202402151429
Version 1.4 Dec 20, 2023, 4:49 PM Detection (adjusted constraints, added 2.0.0 thru 2.3.37 as affected) Plugin Feed: 202312201649
Version 1.3 Dec 15, 2023, 2:39 PM IAVM reference Plugin Feed: 202312151439
Version 1.2 Dec 14, 2023, 4:32 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202312141632
Version 1.2 Dec 15, 2023, 12:19 PM IAVM reference Plugin Feed: 202312151219
Version 1.1 Dec 13, 2023, 4:19 PM CVSS metrics ("CVSSv2 score" set to 10.0. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") Plugin Feed: 202312131619
Version 1.1 Dec 14, 2023, 2:28 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202312141428
Version 1.0 Dec 7, 2023, 11:25 AM New Plugin Feed: 202312071125

* Changelogs are generally available for changes made after Nov 1, 2022