Apache Struts2 S2-001 Remote Code Execution Vulnerability CVE-2007-4556 Scanner

Details
Asset Type: DOMAIN, IP, URL
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimated Time (Seconds): 15

Apache Struts2 S2-001 Remote Code Execution Vulnerability CVE-2007-4556 Scanner Detail

Apache Struts2 is affected by a remote code execution vulnerability, S2-001 (CVE-2007-4556).

Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.

Some Advice for Common Problems

Update your Apache Struts server to the latest version to eliminate this vulnerability.
