Apache Struts - Remote Code Execution (CVE-2017-9791)
- Severity
- CVSSv3 Score: 9.8
- Vulnerability description
Apache Struts is affected by a Remote Code Execution vulnerability. The issue affects Apache Struts 2.3.x with the Struts 1 plugin, which allows existing Struts 1 Actions and ActionForms to be used in Struts 2 applications. The vulnerability is caused by the message presented to the user, which is processed by the "ActionMessage" routine and returned to the user by the "message" function. Because the message is not properly validated before it is evaluated, it may cause remote code execution on the server. This allows a malicious unauthenticated attacker to execute arbitrary code on the server. The use of Object Graph Navigation Language (OGNL) makes it easy to execute arbitrary code remotely because Apache Struts uses it for most of its processes.
- Risk description
A remote unauthenticated attacker can fully compromise the Apache Struts server in order to steal confidential information, install ransomware or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade Apache Struts to the latest version, or to version 2.4 or higher.
- Codename: S2-048
- Detectable with: Network Scanner
- Exploitable with Sniper: Yes
- Vuln date: Jul 2017
- Published at
- Updated at
- Software Type: Web framework
- Vendor: Apache
- Product: Struts
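
To check whether a deployment matches the affected configuration described above (Struts 2.3.x with the Struts 1 plugin present), the following added example inventories library directories; it is not part of the original advisory or of any scanner it mentions. It assumes jars keep their Maven artifact names (`struts2-core`, `struts2-struts1-plugin`); the status labels and sample paths are constructed for illustration.

```python
import os
import re
from collections import defaultdict

# Assumption: jars keep their Maven artifact file names.
CORE_JAR = re.compile(r"^struts2-core-(\d+)\.(\d+)[\w.\-]*\.jar$")
PLUGIN_JAR = re.compile(r"^struts2-struts1-plugin-[\w.\-]+\.jar$")

def assess(jar_paths):
    """Group jar paths by directory and classify each Struts deployment."""
    libs = defaultdict(lambda: {"core": None, "plugin": False})
    for path in jar_paths:
        directory, name = os.path.split(path)
        core = CORE_JAR.match(name)
        if core:
            libs[directory]["core"] = (int(core.group(1)), int(core.group(2)))
        elif PLUGIN_JAR.match(name):
            libs[directory]["plugin"] = True
    report = {}
    for directory, found in libs.items():
        if found["core"] is None:
            # Plugin jar without a recognisable core jar: needs a manual look.
            report[directory] = "review"
        elif found["core"] == (2, 3) and found["plugin"]:
            report[directory] = "affected"
        elif found["core"] == (2, 3):
            report[directory] = "2.3.x-without-plugin"
        else:
            report[directory] = "other-version"
    return report

def scan(root):
    """Walk a deployment root and assess every directory containing jars."""
    jars = [os.path.join(d, f) for d, _, files in os.walk(root)
            for f in files if f.endswith(".jar")]
    return assess(jars)

# Constructed sample inventory (not taken from a real host).
SAMPLE = [
    "/opt/tomcat/webapps/legacy/WEB-INF/lib/struts2-core-2.3.32.jar",
    "/opt/tomcat/webapps/legacy/WEB-INF/lib/struts2-struts1-plugin-2.3.32.jar",
    "/opt/tomcat/webapps/shop/WEB-INF/lib/struts2-core-2.3.32.jar",
    "/opt/tomcat/webapps/new/WEB-INF/lib/struts2-core-2.5.10.jar",
    "/opt/tomcat/webapps/new/WEB-INF/lib/commons-io-2.5.jar",
]

if __name__ == "__main__":
    for directory, status in sorted(assess(SAMPLE).items()):
        print(f"{status:22} {directory}")
```

Directories reported as `2.3.x-without-plugin` do not match the configuration this advisory describes, but the recommendation to upgrade still applies to them.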