| VID |
27103 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Apache Struts running on the remote host is 2.5.x prior to 2.5.14.1. It is, therefore, affected by an unspecified flaw that is triggered when parsing JSON. This allows a remote attacker to cause a denial of service.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.14.1
https://cwiki.apache.org/confluence/display/WW/S2-054
https://cwiki.apache.org/confluence/display/WW/S2-055
* Platforms Affected:
Apache Struts 2 5.x prior to 2.5.14.1
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Apache Struts (2.5.14.1 or later), available from the Apache Struts Web page at
https://struts.apache.org/download.cgi |
| Related URL |
CVE-2017-7525,CVE-2017-15707 (CVE) |
| Related URL |
99623,102021 (SecurityFocus) |
| Related URL |
(ISS) |
|
