Intrusion PreventionApache.Struts.2.OGNL.Script.Injection
Description
This indicates a possible attack against a Command Execution vulnerability in Apache Struts 2.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may exploit this by sending a specially crafted HTTP request to a vulnerable system. A successful attack may allow an attacker to execute arbitrary OGNL expressions in the security context of the web application server.
Affected Products
Apache Software Foundation Struts 2 prior to 2.2.3.1
Apache Software Foundation Struts 2.3 - Struts 2.3.34, Struts 2.5 - Struts 2.5.16
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patches or fixes, available from the website:
http://struts.apache.org/2.x/docs/s2-007.html
https://cwiki.apache.org/confluence/display/WW/S2-057
https://cwiki.apache.org/confluence/display/WW/S2-008
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2021-10-14 | 18.179 | Sig Added |
| 2020-11-26 | 16.969 | Sig Added |
| 2020-11-24 | 16.967 | Sig Added |
| 2019-10-01 | 14.697 | Sig Added |
| 2019-06-19 | 14.635 | Sig Added |
| 2018-10-16 | 13.473 | Sig Added |
| ID | 30956 |
| Created | Feb 10, 2012 |
| Updated | Oct 13, 2021 |
| Risk |
|
| CVE ID | CVE-2012-0391 CVE-2013-1965 CVE-2018-11776 CVE-2012-0393 CVE-2012-0394 CVE-2013-1966 CVE-2013-2115 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.52% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Apache |