CVE-2012-0391

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/47393	Vendor Advisory
http://struts.apache.org/2.x/docs/version-notes-2311.html	Vendor Advisory
https://issues.apache.org/jira/browse/WW-3668	Vendor Advisory
http://struts.apache.org/2.x/docs/s2-008.html	Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html	Exploit
https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt	Exploit
http://www.exploit-db.com/exploits/18329	Exploit

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

Information

Published : 2012-01-08 07:55

Updated : 2018-11-23 06:36

NVD link : CVE-2012-0391

Mitre link : CVE-2012-0391

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

apache

struts

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/47393", "name": "47393", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://struts.apache.org/2.x/docs/version-notes-2311.html", "name": "http://struts.apache.org/2.x/docs/version-notes-2311.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://issues.apache.org/jira/browse/WW-3668", "name": "https://issues.apache.org/jira/browse/WW-3668", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://struts.apache.org/2.x/docs/s2-008.html", "name": "http://struts.apache.org/2.x/docs/s2-008.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html", "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", "name": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.exploit-db.com/exploits/18329", "name": "18329", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-0391", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-01-08T15:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.2.3.1", "versionStartIncluding": "2.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-11-23T14:36Z"}