Lucene search
HistoryMar 02, 2012 - 10:55 p.m.
CVE-2012-0838
cve-2012-0838
apache struts
remote code execution
ognl expression
security vulnerability
9.5 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.019 Low
EPSS
Percentile
88.3%
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:struts | apache struts | le | 2.2.3 |
Related
github
github
Apache Struts Code injection due to conversion error
2022-05-14 01:51:59
osv
osv
Apache Struts Code injection due to conversion error
2022-05-14 01:51:59
ubuntucve
ubuntucve
CVE-2012-0838
2012-03-02 00:00:00
jvn
jvn
openvas
openvas
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
2012-03-13 00:00:00
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
2012-03-13 00:00:00
prion
prion
Design/Logic Flaw
2012-03-02 22:55:00
ibm
ibm
Security Bulletin: Order Management could be subject to multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x.
2024-04-12 17:35:43
wallarmlab
wallarmlab
New Struts2 Remote Code Execution exploit caught in the wild
2017-03-09 00:15:54
9.5 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.019 Low
EPSS
Percentile
88.3%
Related for CVE-2012-0838