By kannthu
The "Apache Struts - OGNL Console" module is a test case designed to detect the presence of the OGNL console in Apache Struts. This console allows the evaluation of OGNL expressions that could potentially lead to Remote Command Execution. The module is created by DhiyaneshDK and has an informative severity level.
If the OGNL console is accessible, it poses a significant security risk as it can be exploited to execute remote commands on the server. This can lead to unauthorized access, data breaches, and potential compromise of the entire system.
The module sends an HTTP GET request to the "/struts/webconsole.html?debug=console" path. It then applies two matching conditions to determine if the OGNL console is present:
If both conditions are met, the module reports a vulnerability, indicating that the OGNL console is accessible and poses a potential security risk.
Reference:
Remediation:
Restrict access to the OGNL console to authorized users only to mitigate the risk of remote command execution.
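To confirm that the restriction holds, the following added example (not part of the module or of Vidoc) scans web server access logs for requests to the console path named above and flags any answered with 200 to a client outside an allow-list. The combined log format, the `allowed_ips` allow-list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
CONSOLE_PATH = "/struts/webconsole.html"  # path from the module description

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] '
    '"GET /struts/webconsole.html?debug=console HTTP/1.1" 200 1873 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Mar/2024:10:05:40 +0000] '
    '"GET /struts/webconsole.html?debug=console HTTP/1.1" 403 199 "-" "scanner"',
    '192.0.2.10 - admin [12/Mar/2024:10:07:11 +0000] '
    '"GET /Struts//webconsole.html?debug=console HTTP/1.1" 200 1873 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:09:00 +0000] '
    '"GET /index.action HTTP/1.1" 200 512 "-" "curl/8.0"',
]


def console_hits(lines, allowed_ips=frozenset()):
    """Return requests for the OGNL console page; 'exposed' marks those served
    (200) to a client outside allowed_ips (hypothetical admin allow-list)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        # Decode %-escapes, collapse repeated slashes and ignore case so varied
        # spellings of the path are still counted (deliberately over-matches).
        path = re.sub(r"/+", "/", unquote(url.path)).lower()
        if path != CONSOLE_PATH:
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "status": int(m["status"]),
            "debug_console": "console" in query.get("debug", []),
            "exposed": m["status"] == "200" and m["ip"] not in allowed_ips,
        })
    return hits
```

Any hit with `exposed` set means the console page was served to a client that the allow-list does not cover, so the access restriction is not in effect for that path.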