Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2012-0394
HistoryJan 08, 2012 - 3:55 p.m.

CVE-2012-0394

2012-01-0815:55:01
CWE-94
[email protected]
web.nvd.nist.gov
6

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.4

Confidence

High

EPSS

0.938

Percentile

99.1%

JSON

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.

Affected configurations

Nvd
Node
apachestrutsRange2.0.02.3.17
VendorProductVersionCPE
apachestruts*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

Related

exploitdb 2
metasploit 1
prion 1
dsquare 3
nessus 2
nuclei 1
checkpoint_advisories 1
ubuntucve 1
packetstorm 1
zdt 1
f5 1
github 1
osv 1
cvelist 1
cve 1
canvas 1
openvas 1
ibm 1
vmware 1
exploitdb
exploitdb
Apache Struts - Developer Mode OGNL Execution (Metasploit)
2014-02-05 00:00:00
Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities
2012-01-06 00:00:00
metasploit
metasploit
Apache Struts 2 Developer Mode OGNL Execution
2014-01-26 00:17:01
prion
prion
Security feature bypass
2012-01-08 15:55:00
dsquare
dsquare
Apache-Struts DebuggingInterceptor < 2.3.1.1 RCE Linux
2012-03-24 00:00:00
Apache-Struts DebuggingInterceptor < 2.3.1.1 RCE Windows
2012-03-24 00:00:00
Apache-Struts ExceptionDelegator < 2.3.1.1 RCE Linux
2012-03-24 00:00:00
nessus
nessus
Apache Struts 2.0.0 < 2.3.18 RCE (S2-008)
2024-09-24 00:00:00
VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
2012-08-31 00:00:00
nuclei
nuclei
Apache Struts <2.3.1.1 - Remote Code Execution
2022-11-14 17:41:43
checkpoint_advisories
checkpoint_advisories
Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)
2014-02-17 00:00:00
ubuntucve
ubuntucve
CVE-2012-0394
2012-01-08 00:00:00
packetstorm
packetstorm
Apache Struts Developer Mode OGNL Execution
2014-02-01 00:00:00
zdt
zdt
Apache Struts Developer Mode OGNL Execution Exploit
2014-02-04 00:00:00
f5
f5
K25570584 : Apache Struts vulnerability CVE-2012-0394
2020-12-11 00:00:00
github
github
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
2022-05-04 00:29:43
osv
osv
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
2022-05-04 00:29:43
cvelist
cvelist
CVE-2012-0394
2012-01-08 15:00:00
cve
cve
CVE-2012-0394
2012-01-08 15:55:01
canvas
canvas
Immunity Canvas: STRUTSCODEINJECTION
2012-01-08 15:55:00
openvas
openvas
Apache Struts Security Update (S2-008)
2021-09-14 00:00:00
ibm
ibm
Security Bulletin: Order Management could be subject to multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x.
2024-04-12 17:35:43
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.4

Confidence

High

EPSS

0.938

Percentile

99.1%

JSON
Related for NVD:CVE-2012-0394
exploitdb2metasploit1prion1dsquare3nessus2nuclei1checkpoint_advisories1ubuntucve1packetstorm1zdt1f51github1osv1cvelist1cve1canvas1openvas1ibm1vmware1