Summary
This host is running Apache Struts and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method,
Impact Level: Application.
Solution
Upgrade to Struts version 2.2.3 or later
For updates refer to http://struts.apache.org/download.cgi
Insight
The flaw is due to error in XWork, when handling the 's:submit' element and a nonexistent method, which gives sensitive information about internal Java class paths.
Affected
XWork version 2.2.1 in Apache Struts 2.2.1
References
Severity
Classification
-
CVE CVE-2011-2088 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Archiva Home Page Cross-Site Scripting vulnerability
- 12Planet Chat Server one2planet.infolet.InfoServlet XSS
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability