
Apache Struts Security Update (S2-061) - Version Check CVE-2020-17530

Severity
CVSSv3 Score: 9.8

Vulnerability description

Apache Struts is prone to a remote code execution (RCE) vulnerability.

Risk description

Some tag attributes could perform a double evaluation if a developer applied forced OGNL evaluation using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to remote code execution and security degradation.

Recommendation

Update to version 2.5.26 or later.
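
To confirm the recommendation across deployed applications, the version check can be run locally against WAR archives or exploded application directories. The script below is an added example, not part of the original entry or of any scanner's code; it assumes the Struts core library ships under its usual struts2-core-<version>.jar file name, and the function names are hypothetical.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 5, 26)  # fixed release named in the recommendation above
# Assumption: the core library keeps its standard artifact file name.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)(?:[-.][A-Za-z0-9]+)*\.jar$")

def core_version(jar_name):
    """Return the version string embedded in a struts2-core jar name, else None."""
    m = JAR_RE.search(jar_name)
    return m.group(1) if m else None

def needs_update(version):
    """True when the dotted version sorts below the fixed release."""
    return tuple(int(part) for part in version.split(".")) < FIXED

def scan_names(names):
    """Return (name, version) for every struts2-core jar older than FIXED."""
    findings = []
    for name in names:
        version = core_version(name)
        if version and needs_update(version):
            findings.append((name, version))
    return findings

def scan_path(path):
    """Scan an exploded directory tree, or a WAR/EAR/ZIP archive listing."""
    p = Path(path)
    if p.is_dir():
        return scan_names(str(f) for f in p.rglob("*.jar"))
    with zipfile.ZipFile(p) as archive:
        return scan_names(archive.namelist())

if __name__ == "__main__":
    status = 0
    for target in sys.argv[1:]:
        for name, version in scan_path(target):
            print(f"{target}: {name} is {version}, update to 2.5.26 or later")
            status = 1
    sys.exit(status)
```

A renamed or shaded jar will not match the file-name pattern, so a clean result here does not replace the network scan.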

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 11, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available