The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
Metrics
Affected Vendors & Products
References
History
Tue, 13 Aug 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-01-08T15:00:00Z
Updated: 2024-09-16T17:07:51.825Z
Reserved: 2012-01-08T00:00:00Z
Link: CVE-2012-0391
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2012-01-08T15:55:01.217
Modified: 2024-12-19T20:11:52.633
Link: CVE-2012-0391
Redhat