When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

apache_struts S2-049: S2-049

The version of Apache Struts running on the remote host is 2.3.x prior to 2.3.33. It is, therefore, affected by the following vulnerability:

  - A flaw exists in unspecified Spring AOP functionality     that is used to secure Struts actions. An authenticated,     remote attacker can exploit this to cause a denial of     service condition. (CVE-2017-9787)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebLogic Server installed on the remote host is affected by multiple Apache Struts 2 vulnerabilities.  One of the following vulnerabilities was detected on the asset:

  - CVE-2017-5638: The Jakarta Multipart parser in Apache Struts 2,   specifically 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1
  - CVE-2017-7672: Apache Struts version < 2.5.12
  - CVE-2017-9787: Apache Struts version < 2.5.12 or < 2.3.33
  - CVE-2017-9791: Struts 1 plugin in Apache Struts 2.3.x
  - CVE-2017-9793: Apache Struts < 2.3.7 - 2.3.33 & < 2.5 - 2.5.12
  - CVE-2017-9804: Apache Struts 2.3.7 -2.3.33 & 2.5 - 2.5.12
  - CVE-2017-12611: Apache Struts 2.0.1 - 2.3.33 & 2.5 - 2.5.10

According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.2.x prior to 3.2.9.2249, 3.3.x prior to 3.3.5.3292, or 3.4.x prior to 3.4.3.4225.
It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apache Struts running on the remote host is 2.5.x prior to 2.5.12. It is, therefore, affected by multiple vulnerabilities :

  - A denial of service vulnerability exists when handling     a specially crafted URL in a form field when the     built-in URL validator is used. An unauthenticated,     remote attacker can exploit this to cause the server     process to overload. Note that this issue only affects     version 2.5.x. (CVE-2017-7672)

  - A flaw exists in unspecified Spring AOP functionality     that is used to secure Struts actions. An authenticated,     remote attacker can exploit this to cause a denial of     service condition. (CVE-2017-9787)

  - A deserialization vulnerability in Apache Commons     FileUpload which could be leveraged for remote     code execution. (CVE-2016-1000031)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
118731	Apache Struts 2.3.x < 2.3.33 Denial of Service (S2-049)	Nessus	Misc.	high
103663	Oracle WebLogic Server Multiple Vulnerabilities	Nessus	Misc.	critical
103536	MySQL Enterprise Monitor 3.2.x < 3.2.9.2249 / 3.3.x < 3.3.5.3292 / 3.4.x < 3.4.3.4225 Multiple Vulnerabilities (October 2017 CPU)	Nessus	CGI abuses	high
101548	Apache Struts 2.5.x < 2.5.12 Multiple DoS (S2-047) (S2-049)	Nessus	Misc.	critical

Detections

Analytics

CVE-2017-9787

high

Tenable Plugins

Coming Soon

high

critical

high

critical