It was found that Freemarker in Struts would permit using read-only properties in value assignment of tag expressions. An attacker could use this to execute arbitrary code.

References

bugzilla.redhat.com/show_bug.cgi?id=1489478

struts.apache.org/docs/s2-053.html

checkpoint_advisories 2

ibm 5

prion 1

openvas 2

seebug 1

cve 1

cisco 1

atlassian 4

dsquare 1

ubuntucve 1

veracode 1

zdt 1

cvelist 1

f5 1

nvd 1

github 1

nuclei 1

osv 2

threatpost 2

impervablog 1

nessus 2

thn 2

trendmicroblog 1

checkpoint_advisories

Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611) - Ver2

2018-04-15 00:00:00

Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611)

2017-09-08 00:00:00

ibm

Security Bulletin: Open Source Apache Struts Vulnerabilities affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation

2018-06-24 02:07:21

Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Spectrum Conductor with Spark (CVE-2017-9787, CVE-2017-9804, and CVE-2017-12611)

2018-06-18 01:38:10

Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.

2024-04-12 17:44:56

prion

Code injection

2017-09-20 17:29:00

openvas

Apache Struts Security Update (S2-053) - Active Check

2017-09-11 00:00:00

Apache Struts Security Update (S2-053) - Version Check

2021-04-06 00:00:00

seebug

Apache Struts2 S2-053 (CVE-2017-12611)

2017-09-07 00:00:00

cve

CVE-2017-12611

2017-09-20 17:29:00

cisco

Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017

2017-09-09 17:00:00

atlassian

Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611

2020-11-19 00:08:55

Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611

2020-11-19 00:08:55

Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611

2020-11-17 22:21:28

dsquare

Apache Struts 2 Freemarker Tag Handling RCE

2018-10-20 00:00:00

ubuntucve

CVE-2017-12611

2017-09-20 00:00:00

veracode

Remote Code Execution (RCE)

2017-09-08 06:31:48

zdt

Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution Exploit

2018-04-29 00:00:00

cvelist

CVE-2017-12611

2017-09-07 00:00:00

K45474286 : Apache Struts Freemarker Remote Code Execution vulnerability CVE-2017-12611

2017-09-08 00:00:00

nvd

CVE-2017-12611

2017-09-20 17:29:00

github

Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal

2018-10-16 19:35:40

nuclei

Apache Struts2 S2-053 - Remote Code Execution

2021-02-21 14:01:50

osv

Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal

2018-10-16 19:35:40

CVE-2017-12611

2017-09-20 17:29:00

threatpost

Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe

2019-08-15 18:41:37

Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug

2017-09-26 14:28:26

impervablog

Apache Struts, RCE and Managing App Risk

2017-09-18 20:33:25

nessus

Apache Struts 2.1.x >= 2.1.2 / 2.2.x / 2.3.x < 2.3.34 / 2.5.x < 2.5.13 Multiple Vulnerabilities (S2-050 - S2-053)

2017-09-05 00:00:00

Oracle WebLogic Server Multiple Vulnerabilities

2017-10-04 00:00:00

thn

Apache Struts 2 Flaws Affect Multiple Cisco Products

2017-09-11 23:50:00

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

2021-08-23 13:27:00

trendmicroblog

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017

2017-09-15 14:59:53

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.973 High

EPSS

Percentile

99.9%

JSON

Related for RH:CVE-2017-12611