10

CVE-2012-0838

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheStruts Version >= 2.0.0 <= 2.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.88% 0.961
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://issues.apache.org/jira/browse/WW-3668
Vendor Advisory
Issue Tracking
http://jvn.jp/en/jp/JVN79099262/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012
Third Party Advisory
VDB Entry
http://struts.apache.org/2.3.1.2/docs/s2-007.html
Vendor Advisory