Apache Struts 2.0.0 < Multiple Vulnerabilities (credentialed check) (Deprecated)

Medium Nessus Plugin ID 81105


This plugin has been deprecated.


This plugin has been deprecated and replaced by struts_2_3_16_1.nasl (plugin ID 117393).



See Also



Plugin Details

Severity: Medium

ID: 81105

File Name: struts_2_3_16_1_win_local.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 2015/01/30

Updated: 2018/09/12

Dependencies: 73943

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apache:struts

Required KB Items: installed_sw/Apache Struts, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/03/05

Vulnerability Publication Date: 2014/03/06

Exploitable With

Core Impact

Metasploit (Apache Struts ClassLoader Manipulation Remote Code Execution)

Reference Information

CVE: CVE-2014-0050, CVE-2014-0094

BID: 65400, 65999

CERT: 719225