Summary

Acunetix 360 identified a Remote Code Evaluation (Apache Struts 2) by capturing a DNS A request, which occurs when input data is run as code.

Impact

An attacker can send a specially crafted XML request to the application. The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Evaluation when deserializing the XML payloads. 

Remediation

Upgrade to Apache Struts version 2.5.13 or 2.3.34.

Required Skills for Successful Exploitation

This vulnerability is not difficult to leverage, Apache Struts 2 is a high level language for which there are vast resources available. Successful exploitation requires knowledge of the programming language, access to or the ability to produce source code for use in such attacks and minimal attack skills.

Severity

Critical

Classification

PCI v3.2-6.5.1 CWE-94 HIPAA-164.306(a) 164.308(a) ISO27001-A.14.2.5 OWASP 2013-A1 OWASP 2017-A1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O