logo
DATABASE RESOURCES PRICING ABOUT US

Apache Struts vulnerability CVE-2012-0391

Description

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. ([CVE-2012-0391](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0391>)) Impact No F5 products are affected by this vulnerability in default, standard, or recommended configurations. BIG-IP AAM is affected by this vulnerability only if the Apache Struts configuration has been deliberately configured to enable Development Mode (devMode). devMode is disabled by default on BIG-IP AAM. BIG-IP AAM 16.0.0 and later are not vulnerable, regardless of the Apache Struts configuration.


Related