SynopsisA web application running on the remote host is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the multiple vulnerabilities in the bundled version of Apache Struts :
- Input validation errors exist that allows the execution of arbitrary Object-Graph Navigation Language (OGNL) expressions via specially crafted parameters to the DefaultActionMapper. (CVE-2013-2251)
- Multiple unspecified vulnerabilities exist related to dynamic method invocation being enabled by default.
SolutionUpgrade to MySQL Enterprise Monitor 2.3.14 or later.