Home / Vulnerability Database / Config files : Struts misconfiguration: invalid parameters

Config files

Config files : Struts misconfiguration: invalid parameters

Classification

OWASP Top 10 2013

A5-Security Misconfiguration

OWASP Top 10 2017

A6-Security Misconfiguration

OWASP Top 10 2021

A5-Security Misconfiguration

HIPAA

§164.312 (a)(1)

CWE

CWE-1031

Overview

Struts 1 apps which uses ActionForm are vulnerable to ClassLoader manipulation.

ClassLoader manipulation allows the attackers access and modify settings of the app. On the certain servers like Tomcat 8 an attacker may upload and execute bash scripts.

References

Apache Struts specification
CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control

MEDIUM

Config files : Struts misconfiguration: invalid parameters

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Config files : Struts misconfiguration: invalid parameters in your application?

See also

Config files : Text4Shell Vulnerability

Config files : Incorrect directory deletion

Config files : Code injection