Intrusion Prevention

Apache.Struts.2.Wildcard.Matching.OGNL.Code.Execution

Description

This indicates an attack attempt to exploit a Code Execution vulnerability in Apache Struts OGNL expressions.
The vulnerability is due to flaw in OGNL when the vulnerable application is handling a Wildcard matching the action name of a HTTP request to the server. A remote attacker may be able to exploit this to execute arbitrary code execution within the context of the System, via a crafted HTTP request.

Affected Products

Apache Software Foundation Struts 2 prior to 2.3.14.3

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's website for suggested workaround.
http://struts.apache.org/development/2.x/docs/s2-015.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2025-02-12	30.953	Modified	Sig Added
2019-01-31	14.538	Modified	Sig Added

References

https://cwiki.apache.org/confluence/display/WW/S2-015

ID	36093
Created	Oct 17, 2013
Updated	Feb 12, 2025
CVE ID
Risk
Exploit Prediction Score	92.05%
Default Action	drop
Active
Affected OS	All
Affected App	Apache
Profile Type	Code Injection

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

Apache.Struts.2.Wildcard.Matching.OGNL.Code.Execution

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

Apache.Struts.2.Wildcard.Matching.OGNL.Code.Execution

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

References

Threat Intelligence
Center