SERVER-APACHE -- Snort has detected traffic exploiting vulnerabilities in Apache servers.
SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt
This event is generated when there is no content-length or transfer encoding found in an HTTP response which could indicate an issue with the traffic.
This alert is defined by the http_inspect preprocessor.
What To Look For
No Content-Length or Transfer-Encoding in HTTP response.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Technique: User Execution
For reference, see the MITRE ATT&CK vulnerability types here:
Memory Corruption is any vulnerability that allows the modification of the content of memory locations in a way not intended by the developer. Memory corruption results are inconsistent; they could lead to fatal errors and system crashes or data leakage; some have no effect at all.
CVE Additional Information
CVE-2013-2134Apache Struts 2 before 220.127.116.11 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
||Ease of Access||