Summary
This host is running Apache Struts and is prone to Directory Traversal Vulnerability.
Impact
Successful exploitation will let the attacker launch directory traversal attack and gain sensitive information about the remote system directory contents.
Impact Level: System/Application
Solution
Upgrade to Apache Struts version 2.0.12, 2.1.3 or later.
http://struts.apache.org/download.cgi
Insight
Input validation error within the user supplied request URI while read arbitrary files via '../' with a '/struts/' path which is related to FilterDispatcher and DefaultStaticContentLoader.
Affected
Apache Struts version 2.0.x and prior to 2.0.12
Apache Struts version 2.1.x and prior to 2.1.3
References
Severity
Classification
-
CVE CVE-2008-6505 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities