Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-HMVJ-GC9Q-MG9P
HistoryMay 04, 2022 - 12:29 a.m.

Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode

2022-05-0400:29:43
CWE-94
GitHub Advisory Database
github.com
16
apache struts
debugginginterceptor
remote code execution
developer mode
arbitrary commands
security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.4

Confidence

High

EPSS

0.938

Percentile

99.1%

JSON

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not “a security vulnerability itself.”

Affected configurations

Vulners
Node
org.apache.struts.xworkxwork-coreRange<2.3.18
VendorProductVersionCPE
org.apache.struts.xworkxwork-core*cpe:2.3:a:org.apache.struts.xwork:xwork-core:*:*:*:*:*:*:*:*

Related

nvd 1
exploitdb 2
metasploit 1
prion 1
dsquare 3
nessus 2
nuclei 1
checkpoint_advisories 1
ubuntucve 1
packetstorm 1
zdt 1
f5 1
osv 1
cvelist 1
cve 1
canvas 1
openvas 1
ibm 1
vmware 1
nvd
nvd
CVE-2012-0394
2012-01-08 15:55:01
exploitdb
exploitdb
Apache Struts - Developer Mode OGNL Execution (Metasploit)
2014-02-05 00:00:00
Apache Struts 2 &lt; 2.3.1 - Multiple Vulnerabilities
2012-01-06 00:00:00
metasploit
metasploit
Apache Struts 2 Developer Mode OGNL Execution
2014-01-26 00:17:01
prion
prion
Security feature bypass
2012-01-08 15:55:00
dsquare
dsquare
Apache-Struts DebuggingInterceptor < 2.3.1.1 RCE Linux
2012-03-24 00:00:00
Apache-Struts DebuggingInterceptor < 2.3.1.1 RCE Windows
2012-03-24 00:00:00
Apache-Struts ExceptionDelegator < 2.3.1.1 RCE Linux
2012-03-24 00:00:00
nessus
nessus
Apache Struts 2.0.0 < 2.3.18 RCE (S2-008)
2024-09-24 00:00:00
VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
2012-08-31 00:00:00
nuclei
nuclei
Apache Struts <2.3.1.1 - Remote Code Execution
2022-11-14 17:41:43
checkpoint_advisories
checkpoint_advisories
Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)
2014-02-17 00:00:00
ubuntucve
ubuntucve
CVE-2012-0394
2012-01-08 00:00:00
packetstorm
packetstorm
Apache Struts Developer Mode OGNL Execution
2014-02-01 00:00:00
zdt
zdt
Apache Struts Developer Mode OGNL Execution Exploit
2014-02-04 00:00:00
f5
f5
K25570584 : Apache Struts vulnerability CVE-2012-0394
2020-12-11 00:00:00
osv
osv
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
2022-05-04 00:29:43
cvelist
cvelist
CVE-2012-0394
2012-01-08 15:00:00
cve
cve
CVE-2012-0394
2012-01-08 15:55:01
canvas
canvas
Immunity Canvas: STRUTSCODEINJECTION
2012-01-08 15:55:00
openvas
openvas
Apache Struts Security Update (S2-008)
2021-09-14 00:00:00
ibm
ibm
Security Bulletin: Order Management could be subject to multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x.
2024-04-12 17:35:43
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.4

Confidence

High

EPSS

0.938

Percentile

99.1%

JSON
Related for GHSA-HMVJ-GC9Q-MG9P
nvd1exploitdb2metasploit1prion1dsquare3nessus2nuclei1checkpoint_advisories1ubuntucve1packetstorm1zdt1f51osv1cvelist1cve1canvas1openvas1ibm1vmware1