← Retour aux CVEs
CVE-2012-0391
CRITICALCISA KEV9.8
Description
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie1/8/2012
Derniere modification4/22/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurApache
ProduitStruts 2
Nom vulnerabiliteApache Struts 2 Improper Input Validation Vulnerability
Date ajout KEV2022-01-21
Date limite remediation2022-07-21
Utilise dans ransomwareUnknown
Produits affectes
apache:struts
Faiblesses (CWE)
CWE-94CWE-94
References
http://secunia.com/advisories/47393(cve@mitre.org)
http://struts.apache.org/2.x/docs/s2-008.html(cve@mitre.org)
http://struts.apache.org/2.x/docs/version-notes-2311.html(cve@mitre.org)
http://www.exploit-db.com/exploits/18329(cve@mitre.org)
https://issues.apache.org/jira/browse/WW-3668(cve@mitre.org)
https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt(cve@mitre.org)
http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/47393(af854a3a-2127-422b-91ae-364da2661108)
http://struts.apache.org/2.x/docs/s2-008.html(af854a3a-2127-422b-91ae-364da2661108)
http://struts.apache.org/2.x/docs/version-notes-2311.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/18329(af854a3a-2127-422b-91ae-364da2661108)
https://issues.apache.org/jira/browse/WW-3668(af854a3a-2127-422b-91ae-364da2661108)
https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.