Apache Struts 2 devMode Information Disclosure

medium Nessus Plugin ID 34947

Synopsis

The remote web server contains a Java framework that is configured to operate in debug mode.

Description

The remote web server is using Apache Struts 2, a web application framework for developing Java EE web applications.

The version of Apache Struts 2 installed on the remote host is configured to operate in development mode (devMode). While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Struts, Java, and other related items on the remote host.

Solution

If this server is used in a production environment, disable development mode.

See Also

http://struts.apache.org/docs/devmode.html

http://struts.apache.org/docs/debugging.html

Plugin Details

Severity: Medium

ID: 34947

File Name: struts_devmode.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 11/24/2008

Updated: 5/28/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:apache:struts

Excluded KB Items: Settings/disable_cgi_scanning