10
CVE-2012-0838
- EPSS 13.88%
- Veröffentlicht 02.03.2012 22:55:01
- Zuletzt bearbeitet 16.06.2026 23:38:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.88% | 0.961 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://issues.apache.org/jira/browse/WW-3668
http://jvn.jp/en/jp/JVN79099262/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012
http://struts.apache.org/2.3.1.2/docs/s2-007.html