HTTP: Apache Struts 2 Forced Multi OGNL Remote Code Execution
This signature detects attempts to exploit a known vulnerability in Apache Struts 2. A successful attack can lead to arbitrary code execution.
Extended Description
In Apache Struts 2.0.0 to 2.5.20, forced double OGNL evaluation of raw user input in tag attributes may lead to remote code execution.
Affected Products
Oracle mysql_enterprise_monitor
References
CVE: CVE-2021-31805
URL: https://cwiki.apache.org/confluence/display/WW/S2-059
URL: https://struts.apache.org/announce#a20200813
URL: https://cwiki.apache.org/confluence/display/WW/S2-061
URL: https://securitylab.github.com/advisories/GHSL-2020-205-double-eval-dynattrs-struts2
URL: https://copyfuture.com/blogs-details/202204220922493738
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Apache
Oracle
7.5