Intrusion Prevention

Apache.Struts.2.OGNL.Script.Injection

Description

This indicates a possible attack against a Command Execution vulnerability in Apache Struts 2.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may exploit this by sending a specially crafted HTTP request to a vulnerable system. A successful attack may allow an attacker to execute arbitrary OGNL expressions in the security context of the web application server.

Affected Products

Apache Software Foundation Struts 2 prior to 2.2.3.1
Apache Software Foundation Struts 2.3 - Struts 2.3.34, Struts 2.5 - Struts 2.5.16

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.