CVE-2012-0838

EPSS 25.9%
Veröffentlicht 02.03.2012 22:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Struts Version >= 2.0.0 <= 2.2.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	25.9%	0.961

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://issues.apache.org/jira/browse/WW-3668

Vendor Advisory

Issue Tracking

http://jvn.jp/en/jp/JVN79099262/index.html

Third Party Advisory

VDB Entry

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012

Third Party Advisory

VDB Entry

http://struts.apache.org/2.3.1.2/docs/s2-007.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-0838

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0838

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0838

EUVD