CVE-2011-3923

Published: 01/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Struts prior to 2.3.1.2 allows remote malicious users to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

Vulnerable Product

apache struts

redhat jboss enterprise web server 1.0.0

Exploits

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # web site for more information on licensing and terms of use.
    #   http://metasploit.com/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Explo ...

Github Repositories

A demo vulnerable web application.

demo

Introduction

This demo illustrates how an application built upon a component with security flaws can leave the whole system vulnerable. It then shows how a SecurityManager can be used to add protection by limiting the scope of impact. Please note that this web application uses a vulnerable version of Struts. The example vulnerability was based on information found on the f