Published: 08/01/2012 Updated: 11/04/2024

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The DebuggingInterceptor component in Apache Struts prior to 2.3.1.1, when developer mode is used, allows remote malicious users to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache struts

SEC Consult Vulnerability Lab Security Advisory < 20120104-0 > ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 * OpenSymphony XWork * OpenSymphony OGNL vulnerable versi ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info = {}) super(upda ...

CWE-94 http://www.exploit-db.com/exploits/18329 http://struts.apache.org/2.x/docs/s2-008.html http://struts.apache.org/2.x/docs/version-notes-2311.html http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt http://www.exploit-db.com/exploits/31434 http://www.osvdb.org/78276 https://nvd.nist.gov https://www.exploit-db.com/exploits/18329/

CVE-2012-0394

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect