EPSS: 0.975 (High), percentile 100.0%
The Struts remote code execution vulnerability is based on the Jakarta plugin: a malicious user can upload a file, trigger the vulnerability by modifying the Content-Type value in the HTTP request header, and then execute system commands.
Sound detection method (the detection method provided by the constant company): send an HTTP request packet to the server with the Content-Type field modified to:
Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('vul','vul')}.multipart/form-data
If the returned response packet contains a vul: vul header field, the vulnerability is present.
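A log-side or filter-side counterpart to the check above, as an added example (not code from the original entry): it flags request Content-Type values that carry an OGNL expression opener (%{ or ${) or do not parse as a media type, and recognises the vul: vul marker in a response. The function names, host name, paths and sample messages are constructed for illustration.

```python
import re

# Media type grammar (RFC 7231): type "/" subtype, then optional ;name=value pairs.
_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
_MEDIA_TYPE = re.compile(
    rf'^{_TOKEN}/{_TOKEN}(\s*;\s*{_TOKEN}=(?:{_TOKEN}|"[^"]*"))*\s*$'
)
# OGNL expressions open with %{ or ${; neither has a place in Content-Type.
_OGNL_OPEN = re.compile(r"[%$]\{")

def parse_headers(raw):
    """Map lower-cased header names to values from a raw HTTP message head."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the request/status line
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def classify_content_type(value):
    """Return 'ognl-expression', 'malformed' or 'ok' for a Content-Type value."""
    if _OGNL_OPEN.search(value):  # checked first: also catches quoted parameters
        return "ognl-expression"
    if not _MEDIA_TYPE.match(value):
        return "malformed"
    return "ok"

def probe_marker_present(raw_response):
    """True when a response carries the vul: vul header the check looks for."""
    return parse_headers(raw_response).get("vul") == "vul"

def scan(samples):
    """Classify the Content-Type of each labelled raw request."""
    return {label: classify_content_type(parse_headers(raw).get("content-type", ""))
            for label, raw in samples.items()}

# Constructed sample requests (app.example and the path are placeholders).
_HEAD = "POST /upload.action HTTP/1.1\r\nHost: app.example\r\nContent-Type: "
SAMPLES = {
    "normal upload": _HEAD + "multipart/form-data; boundary=----abc123\r\n\r\n",
    "probe from the entry": _HEAD + "%{#context['com.opensymphony.xwork2."
    "dispatcher.HttpServletResponse'].addHeader('vul','vul')}."
    "multipart/form-data\r\n\r\n",
    "expression in quoted parameter": _HEAD
    + 'multipart/form-data; boundary="%{1+1}"\r\n\r\n',
    "broken client": _HEAD + "multipart form-data\r\n\r\n",
}
```

Calling scan(SAMPLES) returns a verdict per request; a request with no Content-Type header is reported as malformed.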