This host is running Apache Struts and is prone to information disclosure vulnerability.
Successful exploitation will allow attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, Impact Level: Application.
Upgrade to Struts version 2.2.3 or later For updates refer to http://struts.apache.org/download.cgi
The flaw is due to error in XWork, when handling the 's:submit' element and a nonexistent method, which gives sensitive information about internal Java class paths.
XWork version 2.2.1 in Apache Struts 2.2.1
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Apache Archiva Cross Site Request Forgery Vulnerability
- Apache Tomcat NIO Connector Denial of Service Vulnerability
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- Apache Tomcat Login Constraints Security Bypass Vulnerability