This host is running Apache Struts2 and is prone to redirection and security bypass vulnerabilities.
Successful exploitation will allow a remote attacker to execute arbitrary Java code via OGNL (Object-Graph Navigation Language) or redirect the user to a malicious URL.
Upgrade to Apache Struts 2 version 22.214.171.124 or later. For updates, refer to http://struts.apache.org
The flaws are due to improper sanitization of 'action:', 'redirect:', and 'redirectAction:' prefixed parameters before they are used in DefaultActionMapper.
Apache Struts 2.0.0 to 2.3.15
Send an expression along with the redirect command via an HTTP GET request and check whether the server redirects and evaluates the expression.
Updated on 2015-03-25
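For hosts in the affected range, access logs can be reviewed for requests that carry the three prefixes named above. The following is an added example, not part of the original advisory or of any scanner's code: the function names, regular expressions, finding labels and log lines are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Parameter-name prefixes the advisory names as handled by DefaultActionMapper.
PREFIXES = ("action:", "redirect:", "redirectAction:")
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
EXPR_RE = re.compile(r"[$%]\{")  # ${...} or %{...} expression syntax
ABS_URL_RE = re.compile(r"(?:[a-z][a-z0-9+.-]*:)?//", re.I)  # http://host or //host

def classify_param(raw):
    """Return (prefix, kind) for one raw query parameter, or None if unprefixed."""
    decoded = raw
    for _ in range(2):  # undo up to two layers of percent-encoding
        decoded = unquote(decoded)
    for prefix in PREFIXES:
        if decoded.startswith(prefix):
            rest = decoded[len(prefix):]
            if EXPR_RE.search(rest):
                return prefix, "expression"
            if ABS_URL_RE.match(rest):
                return prefix, "external-redirect"
            return prefix, "prefix-only"  # e.g. a submit-button name; lower priority
    return None

def scan(lines):
    """Return [(line_no, prefix, kind)] for every prefixed parameter in the log."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = match.group("target").partition("?")[2]
        for raw in filter(None, query.split("&")):
            hit = classify_param(raw)
            if hit:
                findings.append((line_no, *hit))
    return findings

# Constructed sample log lines (combined log format); hosts and paths are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Mar/2015:10:00:01 +0000] "GET /shop/index.action HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Mar/2015:10:00:02 +0000] "GET /shop/login.action?redirect:%24%7B1%2B1%7D HTTP/1.1" 302 0',
    '203.0.113.7 - - [25/Mar/2015:10:00:03 +0000] "GET /shop/login.action?redirectAction:http://example.invalid/ HTTP/1.1" 302 0',
    '198.51.100.4 - - [25/Mar/2015:10:00:04 +0000] "GET /shop/cart.action?action:save=Save&id=4 HTTP/1.1" 200 900',
    '203.0.113.7 - - [25/Mar/2015:10:00:05 +0000] "GET /shop/cart.action?id=4&action:%2524%257B1%252B1%257D HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only GET query strings are visible in access logs; the same parameters sent in a POST body need request-body logging or a WAF rule to be seen.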