VID 27099
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description When Spring AOP functionality is used to secure Struts actions, a properly authenticated user can perform a DoS attack. The solution is to upgrade to Apache Struts version 2.3.33.

* Note: This check requires an account with administrative privileges that can log into the host being scanned. If this condition is not met, the check is not performed, which results in a false negative for all vulnerable hosts.

* References:
https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E
http://struts.apache.org/docs/s2-049.html


* Platforms Affected:
Apache Struts 2.3.x prior to 2.3.33
Any operating system, any version
Recommendation Upgrade to the latest version of Apache Struts (2.3.33 or later), available from the Apache Struts Web page at
http://struts.apache.org/docs/s2-049.html
Related URL CVE-2017-9787 (CVE)