Apache.Struts.2.Wildcard.Matching.OGNL.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a Code Execution vulnerability in Apache Struts OGNL expressions.
The vulnerability is due to flaw in OGNL when the vulnerable application is handling a Wildcard matching the action name of a HTTP request to the server. A remote attacker may be able to exploit this to execute arbitrary code execution within the context of the System, via a crafted HTTP request.

affected-products-logoAffected Products

Apache Software Foundation Struts 2 prior to 2.3.14.3

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's website for suggested workaround.
http://struts.apache.org/development/2.x/docs/s2-015.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-01-31 14.538 Sig Added