CVE-2013-4212
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/55877
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/55862
Vendor advisory: secalert@redhat.com — http://rollerweblogger.org/project/entry/apache_roller_5_0_2
References
- http://rollerweblogger.org/project/entry/apache_roller_5_0_2
- http://secunia.com/advisories/55862
- http://secunia.com/advisories/55877
- http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
- http://www.exploit-db.com/exploits/29859
- http://www.osvdb.org/100342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89239
- http://rollerweblogger.org/project/entry/apache_roller_5_0_2
- http://secunia.com/advisories/55862
- http://secunia.com/advisories/55877
- http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
- http://www.exploit-db.com/exploits/29859
- http://www.osvdb.org/100342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89239
CWEs
CWE-94
Verify integrity in audit chain (admin only). AS-IS.