CVE-2012-0391
unknown
KEV
CVSS v3
—
CVSS v2
—
VIR risk
1.5
Description
The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.
CISA KEV
- Vendor
- Apache
- Product
- Struts 2
- Due date
- 2022-07-21
Predictions
Exploit likelihood
99%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2012-0391
Exploits
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.struts:struts2-core | <2.2.3.1 | 2.2.3.1 |
| Maven | org.apache.struts.xwork:xwork-core | <2.2.3.1 | 2.2.3.1 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-0391
- https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
- https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
- https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
- https://github.com/apache/struts
- https://issues.apache.org/jira/browse/WW-3668
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391
- https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
- http://secunia.com/advisories/47393
- http://struts.apache.org/2.x/docs/s2-008.html
- http://struts.apache.org/2.x/docs/version-notes-2311.html
- http://www.exploit-db.com/exploits/18329
Verify integrity in audit chain (admin only). AS-IS.