SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Apache Struts OGNL expression injection attempt
This event is generated when an OGNL injection attempt is detected. Impact: Possible remote code execution Details: This vulnerability exists when a web server passes raw user input to an a method that interprets the input as an OGNL expression. This rule detects OGNL injection attempts that try to execute system commands using the Java runtime by searching for "getRuntime" followed by "exec" in any requests to an Apache Struts action page. Ease of Attack: Medium, publicly available exploits for a number of vulnerable web applications.
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2017-9791 |
Loading description
|