Synopsis
The remote web server contains a web application that uses a Java framework that is affected by a remote code execution vulnerability.

Description
The remote web application appears to use Apache Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. A remote code execution vulnerability exists in the REST plugin due to improper handling of OGNL expressions. An unauthenticated, remote attacker can exploit this, via a specially crafted OGNL expression, to execute arbitrary code.
Note that this plugin only reports the first vulnerable instance of a Struts 2 application.

Solution
Upgrade to Apache Struts version 2.3.29 or later.
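
Because only the first vulnerable instance is reported, a host-side inventory of every deployed REST plugin jar helps confirm that the upgrade reached all applications. The following is an added example, not part of the plugin or of Apache Struts; it assumes Maven-style jar names (`struts2-rest-plugin-<version>.jar`), and the function names and sample paths are constructed for illustration.

```python
import re

FIXED = (2, 3, 29)  # fixed release named in the Solution section

# Assumption: jars keep their Maven artifact name, optionally with a
# qualifier such as -BETA3 or -SNAPSHOT after the numeric version.
JAR_RE = re.compile(
    r"^struts2-rest-plugin-(\d+(?:\.\d+)*)([.-][A-Za-z0-9]+)?\.jar$")

def parse_version(text):
    """'2.3.28.1' -> (2, 3, 28, 1)"""
    return tuple(int(part) for part in text.split("."))

def is_fixed(version, fixed=FIXED):
    """Compare numerically, padding with zeros so (2, 5) reads as 2.5.0
    and (2, 3, 28, 1) still sorts below (2, 3, 29). Qualifiers are ignored."""
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(fixed)

def audit(jar_paths):
    """Return (path, version) for each REST plugin jar older than FIXED."""
    findings = []
    for path in jar_paths:
        name = re.split(r"[\\/]", path)[-1]  # handle / and \ separators
        match = JAR_RE.match(name)
        if match and not is_fixed(parse_version(match.group(1))):
            findings.append((path, match.group(1)))
    return findings

# Constructed sample inventory (e.g. output of a recursive *.jar listing).
SAMPLE = [
    "/opt/tomcat/webapps/shop/WEB-INF/lib/struts2-rest-plugin-2.3.28.jar",
    "/opt/tomcat/webapps/shop/WEB-INF/lib/struts2-core-2.3.28.jar",
    "/opt/tomcat/webapps/api/WEB-INF/lib/struts2-rest-plugin-2.3.28.1.jar",
    "/opt/tomcat/webapps/hr/WEB-INF/lib/struts2-rest-plugin-2.3.29.jar",
    "C:\\apps\\portal\\WEB-INF\\lib\\struts2-rest-plugin-2.5.10.jar",
]

if __name__ == "__main__":
    for path, version in audit(SAMPLE):
        print(f"UPGRADE NEEDED  {version:<10} {path}")
```

Jars that were renamed or repackaged into a shaded archive will not match the filename pattern, so treat an empty result as a starting point rather than proof of absence.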