virus logo Intrusion Prevention

Apache.Struts.2.ParametersInterceptor.Remote.Command.Execution

description-logoDescription

This indicates an attack attempt against a command-execution vulnerability in the web application framework Apache Struts2.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code.

affected-products-logoAffected Products

Apache Software Foundation Struts 2.1.8 .1
Apache Software Foundation Struts 2.1.8
Apache Software Foundation Struts 2.1.1
Apache Software Foundation Struts 2.1
Apache Software Foundation Struts 2.0.12
Apache Software Foundation Struts 2.0.11 .2
Apache Software Foundation Struts 2.0.11 .1
Apache Software Foundation Struts 2.0.9
Apache Software Foundation Struts 2.0.8
Apache Software Foundation Struts 2.0.7
Apache Software Foundation Struts 2.0.6
Apache Software Foundation Struts 2.0.5
Apache Software Foundation Struts 2.0.4
Apache Software Foundation Struts 2.0.3
Apache Software Foundation Struts 2.0.2
Apache Software Foundation Struts 2.0.1
Apache Software Foundation Struts 2.0

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service

recomended-action-logoRecommended Actions

Upgrade to Apache Software Foundation Struts 2.2.1 or later:
http://struts.apache.org/2.2.1/

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2020-11-26 16.969
Modified
 Sig Added
2019-06-14 14.633
Modified
 Sig Added
ID 24310
Created Sep 21, 2010
Updated Nov 03, 2021
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 92.53%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Apache
Profile Type Other