
Apache Struts - Remote Code Execution CVE-2017-9791

Severity
CVSSv3 Score: 9.8
Vulnerability description

Apache Struts is affected by a Remote Code Execution vulnerability. It affects Apache Struts 2.3.x with the Struts 1 plugin, which allows existing Struts 1 Actions and ActionForms to be used in Struts 2 applications. The vulnerability is caused by the message presented to the user, which is processed by the "ActionMessage" routine and returned to the user by the "message" function. Because the message is not properly validated before it is processed by the server, it may cause remote code execution. This allows a malicious unauthenticated attacker to execute arbitrary code on the server. The use of Object Graph Navigation Language (OGNL) makes it easy to execute arbitrary code remotely because Apache Struts uses it for most of its processes.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the Apache Struts application in order to steal confidential information, install ransomware or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Upgrade Apache Struts to the latest version or to a version higher than or equal to 2.4.
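To decide which deployments need the upgrade first, the following added example (not Pentest-Tools.com or Apache code) inventories WAR/EAR archives and exploded lib directories for the combination described above: Struts 2.3.x shipped together with the Struts 1 plugin. It assumes the jars keep their standard Maven artifact names (struts2-core-<version>.jar, struts2-struts1-plugin-<version>.jar); the status labels are chosen for this example.

```python
import re
import sys
import zipfile
from pathlib import Path

# Assumption: jars keep their standard Maven artifact names.
JAR_RE = re.compile(
    r"(?:^|/)(struts2-core|struts2-struts1-plugin)-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVES = {".war", ".ear", ".zip"}


def struts_jars(names):
    """Map artifact name -> version for the Struts jars in a list of paths."""
    found = {}
    for name in names:
        m = JAR_RE.search(str(name).replace("\\", "/"))
        if m:
            found[m.group(1)] = m.group(2)
    return found


def classify(jars):
    """'in-scope' = plugin + 2.3.x; 'review' = plugin with another version."""
    plugin = jars.get("struts2-struts1-plugin")
    if plugin is None:
        return "no-plugin"
    version = jars.get("struts2-core", plugin)
    return "in-scope" if version.split(".")[:2] == ["2", "3"] else "review"


def scan(root):
    """Return (location, status, jars) per archive and per exploded lib dir."""
    results = []
    root = Path(root)
    for path in [root, *sorted(root.rglob("*"))]:
        jars = {}
        if path.is_dir():
            jars = struts_jars(p.name for p in path.glob("*.jar"))
        elif path.suffix.lower() in ARCHIVES:
            try:
                with zipfile.ZipFile(path) as zf:
                    jars = struts_jars(zf.namelist())
            except (zipfile.BadZipFile, OSError):
                pass  # unreadable or not really an archive: skip it
        if jars:
            results.append((str(path), classify(jars), jars))
    return results


if __name__ == "__main__":
    for loc, status, jars in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:10} {loc} {jars}")
```

A "no-plugin" result means only that the Struts 1 plugin jar was not found under its expected name; renamed or shaded jars will be missed.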

Codename: S2-048
Detectable with: Network Scanner
Scan engine: Sniper
Exploitable with Sniper: Yes
CVE Published: Jul 1, 2017
Detection added at:
Software Type: Web framework
Vendor: Apache
Product: Struts