|
|||
Rule General Information |
---|
Release Date: | 2019-06-27 | |
Rule Name: | Apache_Struts_2_ConversionErrorInterceptor_OGNL_Script_Injection_attack-public-sec-consult-1 Vulnerability (CVE-2012-0391) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. | |
Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
Reference: | ExploitDB:18329 http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html http://struts.apache.org/2.x/docs/s2-008.html http://struts.apache.org/2.x/docs/version-notes-2311.html |
|
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: http://struts.apache.org/2.x/docs/version-notes-2311.html |