Apache Struts2 Showcase Arbitrary Java Method Execution Vulnerability Network Vulnerability

Summary

This host is running Apache Struts Showcase and is prone to java method execution vulnerability.

Impact

Successful exploitation could allow an attacker to execute arbitrary java method. Further that results to disclose environment variables or cause a denial of service or an arbitrary OS command can be executed. Impact Level: Application

Solution

Upgrade Apache Struts2 to 2.2.3.1 or later, For updates refer to http://struts.apache.org/download.cgi

Insight

The flaw is due to an improper conversion in OGNL expression if a non string property is contained in action.

Affected

Apache Struts2 (Showcase) version 2.x to 2.2.3

References

http://jvn.jp/en/jp/JVN79099262/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000012.html
https://issues.apache.org/jira/browse/WW-3668

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0838
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AdaptBB Multiple Input Validation Vulnerabilities
Admbook PHP Code Injection Flaw
'research_display.php' SQL Injection Vulnerability
ArticleFR CMS Multiple Vulnerabilities - Jan15
AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability

Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability

Take action and discover your vulnerabilities