[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-0391Date: (C)2012-01-08   (M)2023-12-22


The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
EXPLOIT-DB-18329
http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
SECUNIA-47393
http://struts.apache.org/2.x/docs/s2-008.html
http://struts.apache.org/2.x/docs/version-notes-2311.html
https://issues.apache.org/jira/browse/WW-3668
https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt

CPE    1
cpe:/a:apache:struts
CWE    1
CWE-20

© SecPod Technologies