The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html | Broken Link |
http://struts.apache.org/2.x/docs/s2-008.html | Vendor Advisory |
http://struts.apache.org/2.x/docs/version-notes-2311.html | Release Notes Vendor Advisory |
http://www.exploit-db.com/exploits/18329 | Exploit Third Party Advisory VDB Entry |
http://www.exploit-db.com/exploits/31434 | Exploit Third Party Advisory VDB Entry |
http://www.osvdb.org/78276 | Broken Link |
https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt | Broken Link |
Configurations
History
07 Nov 2023, 02:09
Type | Values Removed | Values Added |
---|---|---|
Summary | The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself. |
07 Jan 2021, 19:00
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://struts.apache.org/2.x/docs/version-notes-2311.html - Release Notes, Vendor Advisory | |
References | (EXPLOIT-DB) http://www.exploit-db.com/exploits/18329 - Exploit, Third Party Advisory, VDB Entry | |
References | (EXPLOIT-DB) http://www.exploit-db.com/exploits/31434 - Exploit, Third Party Advisory, VDB Entry | |
References | (OSVDB) http://www.osvdb.org/78276 - Broken Link | |
References | (MISC) https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt - Broken Link | |
References | (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html - Broken Link | |
CPE | cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* |
Information
Published : 2012-01-08 15:55
Updated : 2024-04-11 00:48
NVD link : CVE-2012-0394
Mitre link : CVE-2012-0394
CVE.ORG link : CVE-2012-0394
JSON object : View
Products Affected
apache
- struts
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')