Apache Struts 2 ClassLoader Manipulation Incomplete Fix for Security Bypass

high Nessus Plugin ID 73763

Synopsis

The remote web server contains a web application that uses a Java framework that is affected by a security bypass vulnerability.

Description

The remote web application appears to use Struts 2, a web framework that uses OGNL (Object-Graph Navigation Language) as its expression language. The version of Struts 2 in use is affected by a security bypass vulnerability, possibly because the fix for ClassLoader manipulation implemented in version 2.3.16.1 was incomplete.

Note that this plugin will only report the first vulnerable instance of a Struts 2 application.

Solution

Upgrade to version 2.3.16.2 or later.

See Also

https://struts.apache.org/announce.html#a20140424

http://struts.apache.org/docs/s2-021.html

Plugin Details

Severity: High

ID: 73763

File Name: struts_2_3_16_2_dos.nasl

Version: 1.16

Type: remote

Published: 4/29/2014

Updated: 5/28/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-0113

Vulnerability Information

CPE: cpe:/a:apache:struts

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/24/2014

Vulnerability Publication Date: 4/24/2014

Exploitable With

Metasploit (Apache Struts ClassLoader Manipulation Remote Code Execution)

Reference Information

CVE: CVE-2014-0112, CVE-2014-0113

BID: 67064, 67081

CERT: 719225