Apache Struts 2 ClassLoader Manipulation Incomplete Fix for Security Bypass
Medium Nessus Plugin ID 73763
SynopsisThe remote web server contains a web application that uses a Java framework that is affected by a security bypass vulnerability.
DescriptionThe remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. The version of Struts 2 in use is affected by a security bypass vulnerability, possibly due to an incomplete fix for ClassLoader manipulation implemented in version 184.108.40.206.
Note that this plugin will only report the first vulnerable instance of a Struts 2 application.
SolutionUpgrade to version 220.127.116.11 or later.