Intrusion Prevention

Apache.Struts.MPV.Input.Validation.Bypass

Description

This indicates an attack attempt to exploit a Security Bypass vulnerability in Apache Struts.
The vulnerability is caused by an error in MultiPageValidator when handles requests with malicious page parameter. A remote attacker may be able to exploit this to bypass access restrictions via a crafted HTTP request.

Affected Products

Struts 1.x through 1.3.10

Impact

Security Bypass: Remote attackers can bypass security checking of vulnerable systems.

Recommended Actions

Apply patch, available from the web site.
https://osdn.net/projects/terasoluna/wiki/StrutsPatch2-EN

CVE References

CVE-2015-0899