Apache Struts 2.0.0 < 188.8.131.52 Multiple Vulnerabilities (credentialed check)
Medium Nessus Plugin ID 81105
Synopsis
The remote web server contains a web application that uses a Java framework that is affected by multiple vulnerabilities.
Description
The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. The version of Struts 2 in use is affected by multiple vulnerabilities:
- A denial of service vulnerability exists due to an issue in Commons FileUpload version 1.3 that allows remote attackers to cause an infinite loop via a crafted Content-Type header. (CVE-2014-0050)
- A security bypass vulnerability exists due to the application allowing manipulation of the ClassLoader via the 'class' parameter, which is directly mapped to the getClass() method. A remote, unauthenticated attacker can manipulate the ClassLoader used by the application server, resulting in a bypass of certain security restrictions. (CVE-2014-0094)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to version 184.108.40.206 or later.