Apache Struts Directory Traversal Vulnerability Network Vulnerability

Summary

This host is running Apache Struts and is prone to Directory Traversal Vulnerability.

Impact

Successful exploitation will let the attacker launch directory traversal attack and gain sensitive information about the remote system directory contents. Impact Level: System/Application

Solution

Upgrade to Apache Struts version 2.0.12, 2.1.3 or later. http://struts.apache.org/download.cgi

Insight

Input validation error within the user supplied request URI while read arbitrary files via '../' with a '/struts/' path which is related to FilterDispatcher and DefaultStaticContentLoader.

Affected

Apache Struts version 2.0.x and prior to 2.0.12 Apache Struts version 2.1.x and prior to 2.1.3

References

http://issues.apache.org/struts/browse/WW-2779
http://secunia.com/advisories/32497
http://struts.apache.org/2.x/docs/s2-004.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-6505
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ampache Reflected Cross Site Scripting Vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
AdaptCMS 'init.php' Remote File Include Vulnerability
Apache Struts Directory Traversal Vulnerability
/doc directory browsable ?

Take action and discover your vulnerabilities