Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Struts2 Remote Command Execution (S2-052)

Description

Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads.

Remediation

Upgrade to Struts 2.5.13 or Struts 2.3.34.

References

Security Bulletin S2-052

Related Vulnerabilities

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3562)

Magento Incorrect Authorization Vulnerability (CVE-2022-34256)

WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)

OpenSSL Other Vulnerability (CVE-2003-0131)

Django Numeric Errors Vulnerability (CVE-2013-0306)

Severity

High

Classification

CVE-2017-9805 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities Acumonitor