- Home
- CVEs with nessus.description==The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. When Dynamic Method Invocation is enabled, it is possible to pass a malicious expression to the 'method:' prefix. A remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the remote web server.
Note that this plugin will only report the first vulnerable instance of a Struts 2 application.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top