Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APACHE:STRUTS-PLUGIN-RCE |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Struts 2 Structs 1 Plugin Remote Code Execution |
Release Date |
2017/07/11 |
Update Number |
2952 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache Struts 2 Structs 1 Plugin Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Apache Struts. A successful attack can lead to arbitrary code execution.
Extended Description
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
Affected Products
- Apache struts 2.3.1
- Apache struts 2.3.1.1
- Apache struts 2.3.12
- Apache struts 2.3.1.2
- Apache struts 2.3.14
- Apache struts 2.3.14.1
- Apache struts 2.3.14.2
- Apache struts 2.3.14.3
- Apache struts 2.3.15
- Apache struts 2.3.15.1
- Apache struts 2.3.15.2
- Apache struts 2.3.15.3
- Apache struts 2.3.16
- Apache struts 2.3.16.1
- Apache struts 2.3.16.2
- Apache struts 2.3.16.3
- Apache struts 2.3.20
- Apache struts 2.3.20.1
- Apache struts 2.3.20.3
- Apache struts 2.3.24
- Apache struts 2.3.24.1
- Apache struts 2.3.24.3
- Apache struts 2.3.28
- Apache struts 2.3.28.1
- Apache struts 2.3.29
- Apache struts 2.3.3
- Apache struts 2.3.30
- Apache struts 2.3.31
- Apache struts 2.3.32
- Apache struts 2.3.4
- Apache struts 2.3.4.1
- Apache struts 2.3.7
- Apache struts 2.3.8
References
- BugTraq: 99484
- CVE: CVE-2017-9791