ID de Prueba:	1.3.6.1.4.1.25623.1.0.801663
Categoría:	Web application abuses
Título:	Apache Struts Security Update (S2-005) - Active Check
Resumen:	Apache Struts is prone to a remote command execution; (RCE) vulnerability.
Descripción:	Summary: Apache Struts is prone to a remote command execution (RCE) vulnerability. Vulnerability Insight: The flaw is due to an error in 'OGNL' extensive expression evaluation capability in XWork in Struts, uses as permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the '#' protection mechanism in ParameterInterceptors via various variables. Vulnerability Impact: Successful exploitation will allow an attacker to manipulate server-side context objects with the privileges of the user running the application. Affected Software/OS: Apache Struts 2.0.0 through 2.1.8.1. Solution: Update to version 2.2.1 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1870 BugTraq ID: 41592 http://www.securityfocus.com/bid/41592 http://www.exploit-db.com/exploits/14360 http://seclists.org/fulldisclosure/2010/Jul/183 http://seclists.org/fulldisclosure/2020/Oct/23 http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html http://www.osvdb.org/66280 http://secunia.com/advisories/59110 http://securityreason.com/securityalert/8345
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.