CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.3%
Added: 03/26/2012
CVE: CVE-2011-3923
BID: 51628
OSVDB: 78109
Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture.
Struts uses Object-Graph Navigation Language (OGNL) to provide extensive expression evaluation capabilities. Struts 2 versions prior to 2.3.1.2 allow OGNL expressions to be evaluated via parentheses. The ParametersInterceptor class is responsible for passing user-supplied parameters to the application stack. Because ParametersInterceptor does not filter parentheses, it is possible for a user to supply OGNL expressions inside Parentheses, which could result in the execution of arbitrary system commands.
Upgrade to Struts 2.3.1.2 or later.
<http://struts.apache.org/2.x/docs/s2-008.html>
<https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt>
This exploit has been tested against Apache Software Foundation Struts 2.3.1.1 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).
The executable smbclient
must be available on the exploit server, and a valid SMB user with permission to write to the SMB share is required. The smb password is not allowed to contain single quotes (').
Windows
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.3%