Detections
Analytics
Apache Struts 2 ExceptionDelegator Arbitrary Remote Command Execution
high Nessus Plugin ID 69240
Language:
Synopsis
The remote web server contains a web application that uses a Java framework that is affected by a remote command execution vulnerability.Description
The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. Due to an error in the way that the ExceptionDelegator component handles mismatched data types, an unauthenticated, remote attacker can execute arbitrary commands on the remote host by sending a specially crafted request order. This flaw is due to the ExceptionDelegator interpreting parameter values as OGNL expressions when there is a conversion error.Note that this plugin will only report the first vulnerable instance of a Struts 2 application.
Solution
Upgrade to version 2.2.3.1 or later.See Also
http://www.nessus.org/u?828dc6d2
Plugin Details
Severity: High
ID: 69240
File Name: struts_exceptiondelegator_command_execution.nasl
Version: 1.23
Type: remote
Family: CGI abuses
Published: 8/7/2013
Updated: 7/17/2023
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2012-0391
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:apache:struts
Required KB Items: Settings/enable_web_app_tests
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 9/5/2011
Vulnerability Publication Date: 8/5/2011
CISA Known Exploited Vulnerability Due Dates: 7/21/2022
Exploitable With
CANVAS (D2ExploitPack)
Metasploit (Apache Struts Remote Command Execution)
Reference Information
CVE: CVE-2012-0391