Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2012-0838
Last Modified: 26 Jul 2013 12:00:00
Published: 02 Mar 2012 05:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-0838

Summary

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

Vulnerable Systems

Application

  • Apache Struts 2.0.11

  • Apache Struts 2.0.11.1

  • Apache Struts 2.0.11.2

  • Apache Struts 2.0.12

  • Apache Struts 2.0.14

  • Apache Struts 2.0.6

  • Apache Struts 2.0.8

  • Apache Struts 2.0.9

  • Apache Struts 2.1.6

  • Apache Struts 2.1.8

  • Apache Struts 2.1.8.1

  • Apache Struts 2.2.1

  • Apache Struts 2.2.1.1

  • Apache Struts 2.2.3


References

CONFIRM - https://issues.apache.org/jira/browse/WW-3668

CONFIRM - http://struts.apache.org/2.3.1.2/docs/s2-007.html

JVNDB - JVNDB-2012-000012

JVN - JVN#79099262


Last Updated: 27 May 2016 10:58:20