Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-HMVJ-GC9Q-MG9P
HistoryMay 04, 2022 - 12:29 a.m.

Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode

2022-05-0400:29:43
Google
osv.dev
5

9.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.942 High

EPSS

Percentile

99.1%

JSON

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not “a security vulnerability itself.”

Related

dsquare 3
cve 1
prion 1
nuclei 1
checkpoint_advisories 1
packetstorm 1
f5 1
zdt 1
github 1
ubuntucve 1
canvas 1
openvas 1
ibm 1
nessus 1
vmware 1
dsquare
dsquare
Apache-Struts ExceptionDelegator < 2.3.1.1 RCE Linux
2012-03-24 00:00:00
Apache-Struts DebuggingInterceptor < 2.3.1.1 RCE Linux
2012-03-24 00:00:00
Apache-Struts DebuggingInterceptor < 2.3.1.1 RCE Windows
2012-03-24 00:00:00
cve
cve
CVE-2012-0394
2012-01-08 15:55:00
prion
prion
Security feature bypass
2012-01-08 15:55:00
nuclei
nuclei
Apache Struts <2.3.1.1 - Remote Code Execution
2022-11-14 17:41:43
checkpoint_advisories
checkpoint_advisories
Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)
2014-02-17 00:00:00
packetstorm
packetstorm
Apache Struts Developer Mode OGNL Execution
2014-02-01 00:00:00
f5
f5
K25570584 : Apache Struts vulnerability CVE-2012-0394
2020-12-11 00:00:00
zdt
zdt
Apache Struts Developer Mode OGNL Execution Exploit
2014-02-04 00:00:00
github
github
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
2022-05-04 00:29:43
ubuntucve
ubuntucve
CVE-2012-0394
2012-01-08 00:00:00
canvas
canvas
Immunity Canvas: STRUTSCODEINJECTION
2012-01-08 15:55:00
openvas
openvas
Apache Struts Security Update (S2-008)
2021-09-14 00:00:00
ibm
ibm
Security Bulletin: Order Management could be subject to multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x.
2024-04-12 17:35:43
nessus
nessus
VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
2012-08-31 00:00:00
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00

9.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.942 High

EPSS

Percentile

99.1%

JSON
Related for OSV:GHSA-HMVJ-GC9Q-MG9P
dsquare3cve1prion1nuclei1checkpoint_advisories1packetstorm1f51zdt1github1ubuntucve1canvas1openvas1ibm1nessus1vmware1