7.4 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.961 High
EPSS
Percentile
99.5%
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka “OGNL Injection.”
CPE | Name | Operator | Version |
---|---|---|---|
apache:roller | apache roller | le | 5.0.1 |
apache:roller | apache roller | eq | 4.0 |
apache:roller | apache roller | eq | 4.0.1 |
apache:roller | apache roller | eq | 5.0 |
rollerweblogger.org/project/entry/apache_roller_5_0_2
secunia.com/advisories/55862
secunia.com/advisories/55877
security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
www.exploit-db.com/exploits/29859
www.osvdb.org/100342
exchange.xforce.ibmcloud.com/vulnerabilities/89239