Vulnerability
Apache Struts is an open-source project of the Apache Software Foundation in the United States. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a “%{“ sequence and ending with a “}” character.
Mitigation / Precaution
We recommend you to upgrade Apache Struts to the latest version.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
