Summary
This host is running Apache Struts2 and is prone to redirection and security bypass vulnerabilities.
Impact
Successful exploitation will allow remote attacker to execute arbitrary arbitrary Java code via OGNL (Object-Graph Navigation Language) or redirect user to a malicious url.
Solution
Upgrade to Apache Struts 2 version 2.3.15.1 or later, For updates refer to http://struts.apache.org
Insight
Flaws are due to improper sanitation of 'action:', 'redirect:', and 'redirectAction:' prefixing parameters before being used in DefaultActionMapper.
Affected
Apache Struts 2.0.0 to 2.3.15
Detection
Send an expression along with the redirect command via HTTP GET request and check whether it is redirecting and solve the expression or not.
References
- http://seclists.org/fulldisclosure/2013/Jul/157
- http://secunia.com/advisories/54118
- http://struts.apache.org/development/2.x/docs/s2-016.html
- http://struts.apache.org/development/2.x/docs/s2-017.html
- http://struts.apache.org/release/2.3.x/docs/version-notes-23151.html
- http://www.osvdb.com/95405
- http://www.osvdb.com/95406
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-2248, CVE-2013-2251 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- 4Images <= 1.7.1 Directory Traversal Vulnerability
- ASP-Dev XM Event Diary Multiple Vulnerabilities
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities