TROYANOSYVIRUS
Back to CVEs

CVE-2019-0230

CRITICAL
9.8

Description

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published9/14/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

apache:strutsoracle:communications_policy_managementoracle:financial_services_data_integration_huboracle:financial_services_market_risk_measurement_and_managementoracle:mysql_enterprise_monitor

Weaknesses (CWE)

CWE-1321

References

http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html(security@apache.org)
http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html(security@apache.org)
https://cwiki.apache.org/confluence/display/ww/s2-059(security@apache.org)
https://launchpad.support.sap.com/#/notes/2982840(security@apache.org)
https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E(security@apache.org)
https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E(security@apache.org)
https://www.oracle.com/security-alerts/cpuApr2021.html(security@apache.org)
https://www.oracle.com/security-alerts/cpujan2021.html(security@apache.org)
https://www.oracle.com/security-alerts/cpuoct2021.html(security@apache.org)
http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html(af854a3a-2127-422b-91ae-364da2661108)
https://cwiki.apache.org/confluence/display/ww/s2-059(af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.support.sap.com/#/notes/2982840(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuApr2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.