Summary
This host is running Apache Struts and is prone to a directory traversal vulnerability.
Impact
Successful exploitation lets an attacker launch a directory traversal attack and gain sensitive information about the remote system's directory contents.
Impact Level: System/Application
Solution
Upgrade to Apache Struts version 2.0.12, 2.1.3 or later.
http://struts.apache.org/download.cgi
Insight
The flaw is an input validation error in the handling of the user-supplied request URI: '../' sequences in a request with a '/struts/' path allow arbitrary files to be read. The issue is related to FilterDispatcher and DefaultStaticContentLoader.
Affected
Apache Struts version 2.0.x prior to 2.0.12
Apache Struts version 2.1.x prior to 2.1.3
References
Severity
Classification
CVE: CVE-2008-6505
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Struts Directory Traversal Vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability