Intrusion Prevention

Apache.Struts.2.FindStaticResource.Directory.Traversal

Description

This indicates an attack attempt against a directory-traversal vulnerability in the Apache Struts.
The vulnerability is caused by an error when the vulnerable server handles a specially crafted URI within directory traversal patterns. It allows a remote attacker to disclose or access arbitrary files on the vulnerable server.

Affected Products

Apache Struts prior to 2.0.12

Impact

Information Disclosure
Security Bypass

Recommended Actions

Update to version 2.0.12:
http://struts.apache.org/.

CVE References

CVE-2008-6505