The version of Apache Struts installed on the remote host is prior to 2.3.18. It is, therefore, affected by multiple vulnerabilities as referenced in the S2-008 advisory.

  - The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL     expressions during certain exception handling for mismatched data types of properties, which allows remote     attackers to execute arbitrary Java code via a crafted parameter. (CVE-2012-0391)

  - The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist,     which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers     Java code execution through a static method. (CVE-2012-0392)

  - The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public     constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter     that triggers the creation of a Java object. (CVE-2012-0393)

  - The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows     remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes     this behavior as not a security vulnerability itself. (CVE-2012-0394)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Apache Struts 2.0.0 < 2.3.18 multiple vulnerabilities - Remote command execution and arbitrary file overwrite, Strict DMI does not work correctly(S2-008)

critical Nessus Plugin ID 279485

Version 1.2