This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to bypass a security bypass vulnerability in Apache Struts.
Apache Struts is a framework for building web applications.
Apache Struts is prone to a security-bypass vulnerability because it fails to restrict access to 'class' parameter which is directly mapped to 'getClass()' method through 'ParametersInterceptor'. An attacker can exploit this issue to ClassLoader manipulation.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
Apache Struts versions 2.0.0 through 2.3.16 are vulnerable.
- Apache Struts versions 2.0.0 through 2.3.16 are vulnerable.