Summary
This host is running Apache Struts and is prone to Cross Site Scripting Vulnerability.
Impact
Successful exploitation will let the attacker issue malicious URL or can inject malicious codes inside the web page contents to gain sensitive information.
Impact Level: Application
Solution
Upgrade to Apache Struts version 2.1.1 or 2.0.11.1.
http://struts.apache.org/download.cgi
Insight
This flaw is due to improper sanitization of the user supplied input in '<s:url>' and '<s:a ...>' tag which doesn't encode the URL parameter when specified in the action attribute which causes XSS attacks.
Affected
Apache Struts version 2.0 and prior to 2.0.11.1
Apache Struts version 2.1 and prior to 2.1.1
References
Severity
Classification
-
CVE CVE-2008-6682 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities