- Home
- CVEs with nessus.description==The version of Apache Struts running on the remote Windows host is 2.x prior to 2.3.29. It is, therefore, affected by the following vulnerabilities :
- A remote code execution vulnerability exists due to erroneously performing double OGNL evaluation of attribute values assigned to certain tags. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code.
(CVE-2016-0785)
- A cross-site request forgery (XSRF) vulnerability exists due to improper validation of session tokens. An unauthenticated, remote attacker can exploit this, via a malicious OGNL expression, to bypass token validation and perform an XSRF attack. (CVE-2016-4430)
- Multiple input validation issues exists that allow internal security mechanisms to be bypassed, allowing the manipulation of a return string which can be used to redirect users to a malicious website. This affects both the default action method the 'getter' action method.
(CVE-2016-4431, CVE-2016-4433)
- An unspecified flaw exists that is triggered during the cleanup of action names. An unauthenticated, remote attacker can exploit this, via a specially crafted payload, to perform unspecified actions. (CVE-2016-4436)
- A remote code execution vulnerability exists in the REST plugin due to improper handling of OGNL expressions. An unauthenticated, remote attacker can exploit this, via a specially crafted OGNL expression, to execute arbitrary code. (CVE-2016-4438)
- A denial of service vulnerability exists in URLValidator due to improper handling of form fields. An unauthenticated, remote attacker can exploit this, via a crafted URL, to overload the server when performing validation on the URL. (CVE-2016-4465)
- A remote code execution vulnerability exists in user tag attributes due to improper handling of OGNL expressions. An unauthenticated, remote attacker can exploit this, via a specially crafted double OGNL evaluation, to execute arbitrary code. (CVE-2016-4461)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top