Apache.Struts.2.ParametersInterceptor.Remote.Command.Execution
Description
This indicates an attack attempt against a command-execution vulnerability in the web application framework Apache Struts2.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code.
Affected Products
Apache Software Foundation Struts 2.1.8 .1
Apache Software Foundation Struts 2.1.8
Apache Software Foundation Struts 2.1.1
Apache Software Foundation Struts 2.1
Apache Software Foundation Struts 2.0.12
Apache Software Foundation Struts 2.0.11 .2
Apache Software Foundation Struts 2.0.11 .1
Apache Software Foundation Struts 2.0.9
Apache Software Foundation Struts 2.0.8
Apache Software Foundation Struts 2.0.7
Apache Software Foundation Struts 2.0.6
Apache Software Foundation Struts 2.0.5
Apache Software Foundation Struts 2.0.4
Apache Software Foundation Struts 2.0.3
Apache Software Foundation Struts 2.0.2
Apache Software Foundation Struts 2.0.1
Apache Software Foundation Struts 2.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service
Recommended Actions
Upgrade to Apache Software Foundation Struts 2.2.1 or later:
http://struts.apache.org/2.2.1/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |