Apache Struts 2 ClassLoader Manipulation Incomplete Fix for Security Bypass

Medium Nessus Plugin ID 73763

Synopsis

The remote web server contains a web application that uses a Java framework that is affected by a security bypass vulnerability.

Description

The remote web application appears to use Struts 2, a web framework that uses OGNL (Object-Graph Navigation Language) as an expression language. The version of Struts 2 in use is affected by a security bypass vulnerability, possibly due to an incomplete fix, implemented in version 2.3.16.1, for ClassLoader manipulation.

Note that this plugin will only report the first vulnerable instance of a Struts 2 application.

Solution

Upgrade to version 2.3.16.2 or later.

See Also

http://struts.apache.org/announce.html#a20140424

http://struts.apache.org/docs/s2-021.html

Plugin Details

Severity: Medium

ID: 73763

File Name: struts_2_3_16_2_dos.nasl

Version: $Revision: 1.11 $

Type: remote

Published: 2014/04/29

Modified: 2017/01/30

Dependencies: 67257, 10107

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:apache:struts

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/04/24

Vulnerability Publication Date: 2014/04/24

Exploitable With

Metasploit (Apache Struts ClassLoader Manipulation Remote Code Execution)

Reference Information

CVE: CVE-2014-0112, CVE-2014-0113

BID: 67064, 67081

CERT: 719225