This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a remote code execution vulnerability in Apache Struts.
Apache Struts is a framework for building Web applications.
Apache Struts is prone to a remote code-execution vulnerability. Specifically, this issue occurs when handling specially-crafted results with no namespace, or URL tag without value and action set.
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.
- Apache Struts 2.3 through 2.3.34, and 2.5 through Struts 2.5.16 are vulnerable.