Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ufcq-57q9-53c7

Summary The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.

Aliases

alias	CVE-2012-0394

alias	GHSA-hmvj-gc9q-mg9p

Fixed_packages

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-js22-usgt-8qd9

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-zc1y-ff37-nqat

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20

Affected_packages

url pkg:maven/org.apache.struts.xwork/xwork-core@2.2.1

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-fu4h-rp1z-83eq

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-z1gf-169n-m3af

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.1

url pkg:maven/org.apache.struts.xwork/xwork-core@2.2.1.1

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-fu4h-rp1z-83eq

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-z1gf-169n-m3af

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.1.1

url pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-z1gf-169n-m3af

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3

url pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1.1

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1.1

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1.2

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1.2

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.3

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.3

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4.1

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4.1

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.7

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.7

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.12

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.12

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.1

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.1

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

vulnerability	VCID-vnkw-9fa2-zqcm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.1

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.1

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.2

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.2

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.3

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.3

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.1

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.1

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.2

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.2

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.3

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-ufcq-57q9-53c7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.3

References

reference_url

http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0394.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0394.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-0394

reference_id

reference_type

scores

value	0.92567
scoring_system	epss
scoring_elements	0.99743
published_at	2026-04-21T12:55:00Z

value	0.92567
scoring_system	epss
scoring_elements	0.99742
published_at	2026-04-18T12:55:00Z

value	0.92567
scoring_system	epss
scoring_elements	0.99738
published_at	2026-04-02T12:55:00Z

value	0.92567
scoring_system	epss
scoring_elements	0.99741
published_at	2026-04-13T12:55:00Z

value	0.92567
scoring_system	epss
scoring_elements	0.99739
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-0394

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58

reference_url

https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d

reference_url

https://issues.apache.org/jira/browse/WW-3729

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-3729

reference_url

http://struts.apache.org/2.x/docs/s2-008.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.x/docs/s2-008.html

reference_url

http://struts.apache.org/2.x/docs/version-notes-2311.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.x/docs/version-notes-2311.html

reference_url

https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt

reference_url

http://www.exploit-db.com/exploits/18329

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.exploit-db.com/exploits/18329

reference_url

http://www.exploit-db.com/exploits/31434

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.exploit-db.com/exploits/31434

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=773167
reference_id	773167
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=773167

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-0394

reference_id

CVE-2012-0394

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-0394

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/31434.rb
reference_id	CVE-2012-0394;OSVDB-78276
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/31434.rb

reference_url	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
reference_id	CVE-2012-0394;OSVDB-78276
reference_type	exploit
scores
url	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt

reference_url

https://github.com/advisories/GHSA-hmvj-gc9q-mg9p

reference_id

GHSA-hmvj-gc9q-mg9p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hmvj-gc9q-mg9p

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

date_added	2012-01-06
description	Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2012-01-06
exploit_type	webapps
platform	multiple
source_date_updated	2017-03-10
data_source	Exploit-DB
source_url

date_added	`null`
description	This module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java code. This module has been tested successfully on Struts 2.3.16, Tomcat 7 and Ubuntu 10.04.
required_action	`null`
due_date	`null`
notes	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
known_ransomware_campaign_use	`false`
source_date_published	2012-01-06
exploit_type	`null`
platform	Java
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/struts_dev_mode.rb

Severity_range_score 4.0 - 6.9

Exploitability 2.0

Weighted_severity 6.2

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ufcq-57q9-53c7

Vulnerability Instance