Executive Summary
| Summary | |
|---|---|
| Title | Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20131023-struts2 | First vendor Publication | 2013-10-23 |
| Vendor | Cisco | Last vendor Modification | 2013-10-23 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| - Multiple Cisco products include an implementation of Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000. Cisco Business Edition 3000 should contact their Cisco representative for available options. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJn58YACgkQUddfH3/BbTqtIAD8CazUZc6aTemD1bZtDxo/oi/W W33zrOUz45kD8clR/7QA/julEKAMtCsAR7O2Q9zdsitg5kK/z9M2UBVVG/tWix3G =sr+X END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Apache Struts DefaultActionMapper redirect Prefix Vulnerability | More info here |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-10-17 | IAVM : 2013-A-0201 - Multiple Vulnerabilities in Oracle MySQL Products Severity : Category I - VMSKEY : V0040782 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-05-23 | Apache Struts2 remote code execution attempt RuleID : 49885 - Revision : 1 - Type : SERVER-APACHE |
| 2014-03-15 | Apache Struts2 blacklisted method redirect RuleID : 29748 - Revision : 6 - Type : SERVER-APACHE |
| 2014-03-15 | Apache Struts2 blacklisted method redirect RuleID : 29747 - Revision : 6 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Struts2 remote code execution attempt RuleID : 27245 - Revision : 7 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Struts2 blacklisted method redirect RuleID : 27244 - Revision : 6 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Struts2 blacklisted method redirectAction RuleID : 27243 - Revision : 6 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-05-08 | Name : A web application running on the remote host is affected by multiple vulnerab... File : mysql_enterprise_monitor_2_3_14.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote web server hosts an application that is affected by multiple vulne... File : archiva_1_3_8.nasl - Type : ACT_GATHER_INFO |
| 2013-07-19 | Name : The remote web server contains a web application that uses a Java framework, ... File : struts_2_3_15_1_command_execution.nasl - Type : ACT_ATTACK |
Alert History
| Date | Informations |
|---|---|
| 2013-10-31 13:24:11 |
|
| 2013-10-23 21:22:52 |
|
| 2013-10-23 21:19:20 |
|
