13 matches found
VulnCheck KEV: CVE-2017-12611
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...
SUSE CVE-2017-12611
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...
com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +71 more potentially affected by CVE-2017-12611 +1 more via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10.1)
org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.10.1 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2017-12611, CVE-2017-9805 Source advisory:...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +228 more potentially affected by CVE-2017-12611 +1 more via org.apache.struts:struts2-core (>=2.0.11 <=2.3.33)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.2.3 and more Source cves: CVE-2017-12611, CVE-2017-9805 Source advisory: OSV:GHSA-8FX9-5HX8-CRHM...
Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611) - Ver2
A remote code execution vulnerability exists in Apache. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Oracle WebLogic Server Multiple Vulnerabilities
Binary data oracleweblogicserverCVE-2017-9805.nbin...
CVE-2017-12611
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...
CVE-2017-12611
CVE-2017-12611 is an Apache Struts vulnerability where an unintentional Freemarker expression in a tag can lead to remote code execution (RCE). The initial description specifies affected releases from Struts 2.0.0–2.3.33 and 2.5–2.5.10.1, due to using a Freemarker expression instead of string lit...
CVE-2017-12611
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...
CVE-2017-12611
creationtimestamp| type| source ---|---|--- 2017-09-08 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44556 2021-08-25 13:22:18+00:00| seen| https://t.me/truesecator/2035 2023-11-17 10:23:53+00:00| seen| https://t.me/arpsyndicate/256 2025-09-24 13:49:18+00:00|...
Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611)
A remote code execution vulnerability exists in the Apache Struts2 using Freemarker template engine. An attacker could exploit this vulnerability by sending crafted requests to the target host. Successful exploitation could result in execution of arbitrary code on the affected system...
CVE-2017-12611
It was found that Freemarker in Struts would permit using read-only properties in value assignment of tag expressions. An attacker could use this to execute arbitrary code...
Apache Struts2 S2-053 (CVE-2017-12611)
0x00 基本信息 漏洞编号:S2-053(CVE-2017-12611) 漏洞影响:远程代码执行 影响版本:Struts 2.0.1 -Struts 2.3.33, Struts 2.5 - Struts 2.5.10 漏洞修复:升级至最新版本 0x01 环境搭建 先用struts-2.3.33搭一个freemarker的简单项目(官方推荐的min-lib中就带了freemarker-2.3.22.jar,不用再额外去找了),就用漏洞公告里给的那个写法 运行后,未发现效果 表着急,我们用的是hidden,看看源代码 根据经验,应该是二次解析造成的漏洞,验证一下 0x02 构造POC...