This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attack against Apache Structs which may allow arbitrary commands executed on the server.
Apache Struts is a framework for building web applications.
Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Specifically, the application permits attackers to bypass protection mechanisms built into the 'ParameterInterceptor' class with OGNL expressions. Predefined context variables identified with a '#' can be altered to permit command-execution.
- Apache Struts versions 2.0.0 through 126.96.36.199 are vulnerable.