CVE-2012-0838

EPSS 25.9%
Published 02.03.2012 22:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Struts Version >= 2.0.0 <= 2.2.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	25.9%	0.961

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://issues.apache.org/jira/browse/WW-3668

Vendor Advisory

Issue Tracking

http://jvn.jp/en/jp/JVN79099262/index.html

Third Party Advisory

VDB Entry

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012

Third Party Advisory

VDB Entry

http://struts.apache.org/2.3.1.2/docs/s2-007.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-0838

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0838

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0838

EUVD