Summary
This host is running Apache Struts Showcase and is prone to java method execution vulnerability.
Impact
Successful exploitation could allow an attacker to execute arbitrary java method. Further that results to disclose environment variables or cause a denial of service or an arbitrary OS command can be executed.
Impact Level: Application
Solution
Upgrade Apache Struts2 to 2.2.3.1 or later,
For updates refer to http://struts.apache.org/download.cgi
Insight
The flaw is due to an improper conversion in OGNL expression if a non string property is contained in action.
Affected
Apache Struts2 (Showcase) version 2.x to 2.2.3
References
Severity
Classification
-
CVE CVE-2012-0838 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities