Apache Struts 2 ClassLoader Manipulation Incomplete Fix for Security Bypass
High Nessus Plugin ID 73763
SynopsisThe remote web server contains a web application that uses a Java framework that is affected by a security bypass vulnerability.
DescriptionThe remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. The version of Struts 2 in use is affected by a security bypass vulnerability, possibly due to an incomplete fix for ClassLoader manipulation implemented in version 18.104.22.168.
Note that this plugin will only report the first vulnerable instance of a Struts 2 application.
SolutionUpgrade to version 22.214.171.124 or later.