Lucene search
PRIOn knowledge basePRION:CVE-2013-4212HistoryDec 07, 2013 - 8:55 p.m.
Design/Logic Flaw
2013-12-0720:55:00
PRIOn knowledge base
www.prio-n.com
3
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka “OGNL Injection.”
References
rollerweblogger.org/project/entry/apache_roller_5_0_2
secunia.com/advisories/55862
secunia.com/advisories/55877
security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
www.osvdb.org/100342
exchange.xforce.ibmcloud.com/vulnerabilities/89239
www.exploit-db.com/exploits/29859
Related
cve
cve
CVE-2013-4212
2013-12-07 20:55:02
d2
d2
DSquare Exploit Pack: D2SEC_APACHE_ROLLER
2013-12-07 20:55:00
zdt
zdt
Apache Roller OGNL Injection Vulnerability
2013-11-26 00:00:00
nvd
nvd
CVE-2013-4212
2013-12-07 20:55:02
packetstorm
packetstorm
Apache Roller OGNL Injection
2013-11-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Roller OGNL Injection Remote Code Execution (CVE-2013-4212)
2013-12-11 00:00:00
dsquare
dsquare
Apache Roller OGNL Injection
2013-12-10 00:00:00
cvelist
cvelist
CVE-2013-4212
2013-12-07 20:00:00
openvas
openvas
Apache Roller < 5.0.2 Multiple Vulnerabilities
2017-11-27 00:00:00