Apache Struts 2.0.0 < 2.3.16.1 Multiple Vulnerabilities (credentialed check) (Deprecated)

Medium Nessus Plugin ID 81105

Synopsis

This plugin has been deprecated.

Description

This plugin has been deprecated and replaced by struts_2_3_16_1.nasl (plugin ID 117393).

Solution

N/A.

See Also

http://struts.apache.org/docs/version-notes-23161.html

http://struts.apache.org/docs/s2-020.html

Plugin Details

Severity: Medium

ID: 81105

File Name: struts_2_3_16_1_win_local.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 2015/01/30

Updated: 2018/09/12

Dependencies: 73943

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apache:struts

Required KB Items: installed_sw/Apache Struts, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/03/05

Vulnerability Publication Date: 2014/03/06

Exploitable With

Core Impact

Metasploit (Apache Struts ClassLoader Manipulation Remote Code Execution)

Reference Information

CVE: CVE-2014-0050, CVE-2014-0094

BID: 65400, 65999

CERT: 719225