
Apache Struts - Remote Code Execution (CVE-2017-9791)

Severity
CVSSv3 Score: 9.8
Exploitable with Sniper: Yes
Vulnerability description

Apache Struts is affected by a Remote Code Execution vulnerability. It affects Apache Struts 2.3.x with the Struts 1 plugin, which allows existing Struts 1 Actions and ActionForms to be used in Struts 2 applications. The vulnerability is caused by the message presented to the user, which is processed by the "ActionMessage" routine and returned to the user by the "message" function. Because the message is not properly validated before it is processed, it may cause remote code execution on the server. This allows a malicious unauthenticated attacker to execute arbitrary code on the server. Because Apache Struts uses the Object Graph Navigation Language (OGNL) for most of its processing, arbitrary code is easy to execute remotely.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Risk description

There is a risk that a remote unauthenticated attacker can fully compromise the Apache Struts application to steal confidential information, install ransomware or pivot to the internal network.

Recommendation

Upgrade Apache Struts to the latest version or to a version greater than or equal to 2.4.
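
To find deployments that match the affected configuration described above (Struts 2.3.x with the Struts 1 plugin), the jar inventory of each web application can be checked. The following Python script is an added example, not code from this page or from Apache; it assumes the standard Maven jar names struts2-core-<version>.jar and struts2-struts1-plugin-<version>.jar, and its status labels are hypothetical names chosen for illustration.

```python
import re
import zipfile
from pathlib import Path

# Assumed jar naming: the Maven artifacts struts2-struts1-plugin and
# struts2-core, normally found under WEB-INF/lib as <artifact>-<version>.jar.
PLUGIN_RE = re.compile(r"struts2-struts1-plugin-(\d+(?:\.\d+)*)[^/]*\.jar$")
CORE_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)[^/]*\.jar$")


def jar_names(path):
    """List jar paths under a directory, or jar entries inside a WAR/EAR/ZIP."""
    p = Path(path)
    if p.is_dir():
        return [str(f) for f in p.rglob("*.jar")]
    with zipfile.ZipFile(p) as archive:
        return [n for n in archive.namelist() if n.endswith(".jar")]


def assess(names):
    """Classify a deployment from its jar names, using the page's condition:
    Struts 2.3.x together with the Struts 1 plugin."""
    plugin = core = None
    for name in names:
        name = name.replace("\\", "/")  # normalise Windows paths
        if m := PLUGIN_RE.search(name):
            plugin = m.group(1)
        elif m := CORE_RE.search(name):
            core = m.group(1)
    if plugin is None:
        # Without the Struts 1 plugin the page's condition is not met.
        return {"status": "plugin-absent", "core": core, "plugin": None}
    versions = [v for v in (plugin, core) if v]
    in_range = any(v == "2.3" or v.startswith("2.3.") for v in versions)
    status = "review-for-S2-048" if in_range else "plugin-present-other-version"
    return {"status": status, "core": core, "plugin": plugin}


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real system.
    sample = [
        "WEB-INF/lib/struts2-core-2.3.32.jar",
        "WEB-INF/lib/struts2-struts1-plugin-2.3.32.jar",
        "WEB-INF/lib/commons-lang3-3.2.jar",
    ]
    print(assess(sample))
```

A "review-for-S2-048" result only shows that the affected components are deployed; it is a prompt to upgrade as recommended above, not proof that the application is exploitable.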

Detectable with: Network Scanner
Vuln date: Jul 2017
Published at
Updated at
Software Type: Web framework
Vendor: Apache
Product: Struts
Codename: S2-048