Intrusion Prevention



This indicates attack attempts against multiple Persistence Cross Site Scripting vulnerabilities in Apache Struct framework.
The vulnerabilities is caused because the vulnerable application fails to sanitise user-supplied input. Successful attacks may allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application.

Affected Products

Apache struts 2.2.3 and prior.


System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.

Recommended Actions

Upgrade to the latest version, available from the web site.

CVE References