The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. Due to a flaw in the evaluation of an OGNL expression prefixed by the 'action:' parameter, a remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the remote web server. An attacker can exploit the issue by sending a specially crafted HTTP request to the remote web server.

Note that the 'redirect:' and 'redirectAction' parameters are also reportedly affected by the command execution vulnerability.
Additionally, this version of Struts 2 is also reportedly affected by an open redirect vulnerability; however, Nessus has not tested for this additional issue.

Note also that this plugin will only report the first vulnerable instance of a Struts 2 application.

Finally, note that Apache Archiva versions prior to and equal to 1.3.6 are also affected by this issue as the application utilizes a vulnerable version of Struts 2.

Detections

Analytics

Apache Struts 2 'action:' Parameter Arbitrary Remote Command Execution

critical Nessus Plugin ID 68981

Version 1.36