Lucene search
K

13 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/04/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

9.8CVSS7.4AI score0.8802EPSS
Exploits6References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.6 views

SUSE CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

9.8CVSS9.5AI score0.8802EPSS
Exploits6References3
vulnersOsv
vulnersOsv
added 2018/10/16 7:35 p.m.7 views

com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +71 more potentially affected by CVE-2017-12611 +1 more via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10.1)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.10.1 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2017-12611, CVE-2017-9805 Source advisory:...

9.8CVSS7.1AI score0.99461EPSS
Exploits28
vulnersOsv
vulnersOsv
added 2018/10/16 7:35 p.m.5 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +228 more potentially affected by CVE-2017-12611 +1 more via org.apache.struts:struts2-core (>=2.0.11 <=2.3.33)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.2.3 and more Source cves: CVE-2017-12611, CVE-2017-9805 Source advisory: OSV:GHSA-8FX9-5HX8-CRHM...

9.8CVSS7.1AI score0.99461EPSS
Exploits28
Check Point Advisories
Check Point Advisories
added 2018/04/15 12:0 a.m.11 views

Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611) - Ver2

A remote code execution vulnerability exists in Apache. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.7AI score0.8802EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2017/10/04 12:0 a.m.72 views

Oracle WebLogic Server Multiple Vulnerabilities

Binary data oracleweblogicserverCVE-2017-9805.nbin...

10CVSS8.5AI score0.99999EPSS
Exploits90References12
OSV
OSV
added 2017/09/20 5:29 p.m.49 views

CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

9.8CVSS8.2AI score0.99461EPSS
Exploits23References5
CVE
CVE
added 2017/09/20 5:0 p.m.501 views

CVE-2017-12611

CVE-2017-12611 is an Apache Struts vulnerability where an unintentional Freemarker expression in a tag can lead to remote code execution (RCE). The initial description specifies affected releases from Struts 2.0.0–2.3.33 and 2.5–2.5.10.1, due to using a Freemarker expression instead of string lit...

9.8CVSS9.3AI score0.8802EPSS
Exploits6References5Affected Software1
Cvelist
Cvelist
added 2017/09/20 5:0 p.m.24 views

CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

9.5AI score0.8802EPSS
Exploits6References5
Circl
Circl
added 2017/09/08 12:0 a.m.20 views

CVE-2017-12611

creationtimestamp| type| source ---|---|--- 2017-09-08 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44556 2021-08-25 13:22:18+00:00| seen| https://t.me/truesecator/2035 2023-11-17 10:23:53+00:00| seen| https://t.me/arpsyndicate/256 2025-09-24 13:49:18+00:00|...

9.8CVSS8.9AI score0.8802EPSS
Exploits6References5
Check Point Advisories
Check Point Advisories
added 2017/09/08 12:0 a.m.16 views

Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611)

A remote code execution vulnerability exists in the Apache Struts2 using Freemarker template engine. An attacker could exploit this vulnerability by sending crafted requests to the target host. Successful exploitation could result in execution of arbitrary code on the affected system...

7.5CVSS3.8AI score0.8802EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2017/09/07 2:48 p.m.63 views

CVE-2017-12611

It was found that Freemarker in Struts would permit using read-only properties in value assignment of tag expressions. An attacker could use this to execute arbitrary code...

9.8CVSS3.5AI score0.8802EPSS
Exploits6References2
seebug.org
seebug.org
added 2017/09/07 12:0 a.m.136 views

Apache Struts2 S2-053 (CVE-2017-12611)

0x00 基本信息 漏洞编号:S2-053(CVE-2017-12611) 漏洞影响:远程代码执行 影响版本:Struts 2.0.1 -Struts 2.3.33, Struts 2.5 - Struts 2.5.10 漏洞修复:升级至最新版本 0x01 环境搭建 先用struts-2.3.33搭一个freemarker的简单项目(官方推荐的min-lib中就带了freemarker-2.3.22.jar,不用再额外去找了),就用漏洞公告里给的那个写法 运行后,未发现效果 表着急,我们用的是hidden,看看源代码 根据经验,应该是二次解析造成的漏洞,验证一下 0x02 构造POC...

7.5CVSS9.2AI score0.8802EPSS
Exploits6
Rows per page
Query Builder