CVE-2012-0838

EPSS 11.11%
Veröffentlicht 02.03.2012 22:55:01
Zuletzt bearbeitet 29.04.2026 01:13:23
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Struts Version >= 2.0.0 <= 2.2.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	11.11%	0.934

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://issues.apache.org/jira/browse/WW-3668

Vendor Advisory

Issue Tracking

http://jvn.jp/en/jp/JVN79099262/index.html

Third Party Advisory

VDB Entry

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012

Third Party Advisory

VDB Entry

http://struts.apache.org/2.3.1.2/docs/s2-007.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-0838