DETECTION OVERVIEW
Risk Factors
A server hosting Struts 2 is often exposed to the internet, and this vulnerability is well known. An unauthenticated attacker could gain complete control of a device and find an entry point for further attacks on your network.
Risk Score
87
Struts 2 is a framework for Java web applications that can leverage Object-Graph Navigation Language (OGNL) for server-side web page generation. An attacker can exploit vulnerabilities in the OGNL architecture to deliver malicious OGNL code through a web form. Ultimately, the malicious code runs on the server and the attacker can gain unlimited access to the server.
Upgrade to Struts 2.5.26 to install relevant patches
Install relevant patches for enterprise products that are packaged with Struts 2 from vendors such as VMware, Oracle, IBM, Huawei, HP, Cisco, Atlassian, Lenovo, and HP Enterprise
Implement the principle of least privilege on the Struts 2 web server
Set a specific namespace value in Struts packages
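
One way to check the upgrade and namespace items above during a configuration review. This is an added example, not code from the original page or from the Struts project. The function names and the sample struts.xml are constructed, and treating a wildcard namespace as "not specific" is an assumption.

```python
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = (2, 5, 26)  # upgrade target named on this page

# Constructed sample configuration, for illustration only.
SAMPLE_STRUTS_XML = """
<struts>
  <package name="base" extends="struts-default" abstract="true"/>
  <package name="public" extends="base">
    <action name="login" class="example.LoginAction"/>
  </package>
  <package name="reports" namespace="/*" extends="base">
    <action name="view" class="example.ReportAction"/>
  </package>
  <package name="admin" namespace="/admin" extends="base">
    <action name="users" class="example.UserAction"/>
  </package>
</struts>
"""

def audit_namespaces(struts_xml):
    """Return (package, finding) pairs for action packages lacking a specific namespace."""
    findings = []
    for pkg in ET.fromstring(struts_xml).iter("package"):
        if pkg.find("action") is None:
            continue  # package declares no actions, so nothing is routed through it
        name, ns = pkg.get("name", "<unnamed>"), pkg.get("namespace")
        if ns is None:
            findings.append((name, "namespace attribute not set"))
        elif not ns.strip():
            findings.append((name, "namespace is empty"))
        elif "*" in ns:
            # Assumption: a wildcard namespace does not count as "specific".
            findings.append((name, "namespace uses a wildcard"))
    return findings

def needs_upgrade(jar_name):
    """True if a struts2-core jar is older than FIXED_VERSION; None if the name is not recognised."""
    m = re.fullmatch(r"struts2-core-(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?\.jar", jar_name)
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None) < FIXED_VERSION

if __name__ == "__main__":
    for package, finding in audit_namespaces(SAMPLE_STRUTS_XML):
        print(f"{package}: {finding}")
    for jar in ("struts2-core-2.5.22.jar", "struts2-core-2.5.26.jar"):
        print(jar, "needs upgrade" if needs_upgrade(jar) else "ok")
```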