virus logo Intrusion Prevention

Apache.Struts.2.ParametersInterceptor.Remote.Command.Execution

description-logoDescription

This indicates an attack attempt against a command-execution vulnerability in the web application framework Apache Struts2.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code.

affected-products-logoAffected Products

Apache Software Foundation Struts 2.1.8 .1
Apache Software Foundation Struts 2.1.8
Apache Software Foundation Struts 2.1.1
Apache Software Foundation Struts 2.1
Apache Software Foundation Struts 2.0.12
Apache Software Foundation Struts 2.0.11 .2
Apache Software Foundation Struts 2.0.11 .1
Apache Software Foundation Struts 2.0.9
Apache Software Foundation Struts 2.0.8
Apache Software Foundation Struts 2.0.7
Apache Software Foundation Struts 2.0.6
Apache Software Foundation Struts 2.0.5
Apache Software Foundation Struts 2.0.4
Apache Software Foundation Struts 2.0.3
Apache Software Foundation Struts 2.0.2
Apache Software Foundation Struts 2.0.1
Apache Software Foundation Struts 2.0

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service

recomended-action-logoRecommended Actions

Upgrade to Apache Software Foundation Struts 2.2.1 or later:
http://struts.apache.org/2.2.1/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-11-26 16.969 Sig Added
2019-06-14 14.633 Sig Added
ID 24310
Created Sep 21, 2010
Updated Nov 03, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2008-6504 CVE-2010-1870 CVE-2011-3923
Exploit Prediction Score 94.95%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Apache