header-logo
Suggest Exploit
vendor:
Struts
by:
SecurityFocus
7,5
CVSS
HIGH
Remote OGNL Expression Injection
94
CWE
Product Name: Struts
Affected Version From: 2.0.0
Affected Version To: 2.3.14.3
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

Apache Struts Remote OGNL Expression Injection Vulnerability

Apache Struts is prone to a remote OGNL expression injection vulnerability. Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application.

Mitigation:

Users should upgrade to Apache Struts 2.3.15.1 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/60345/info

Apache Struts is prone to a remote OGNL expression injection vulnerability.

Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application.

Apache Struts 2.0.0 through versions 2.3.14.3 are vulnerable. 

http://www.example.com/example/%24%7B%23foo%3D%27Menu%27%2C%23foo%7D

http://www.example.com/example/${#foo='Menu',#foo}

Navigation

Suggest Exploit

Services By CQR