
Apache Struts <=2.5.20 - Remote Code Execution CVE-2019-0230

Severity
CVSSv3 Score: 9.8
Vulnerability description

In Apache Struts 2.0.0 to 2.5.20, forced double OGNL evaluation of tag attributes that contain raw user input may lead to remote code execution.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade Apache Struts to a version higher than 2.5.20 or apply the necessary patches provided by the vendor.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Sep 14, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available