
Apache Struts Security Update (S2-020) - Version Check (CVE-2014-0050, CVE-2014-0094)

Severity: Not available
CVSSv3 Score: Not available

Vulnerability description

Apache Struts is prone to multiple vulnerabilities.

Risk description

The default upload mechanism in Apache Struts 2 is based on Commons FileUpload version 1.3, which is vulnerable and allows DoS attacks. Additionally, ParametersInterceptor allows access to the class parameter, which is directly mapped to the getClass() method and allows ClassLoader manipulation. A remote attacker can execute arbitrary Java code via crafted parameters or cause a Denial of Service.

Recommendation

Update to version 2.3.16.2 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 1, 2014
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available