{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5128?format=json","vulnerability_id":"VCID-ufcq-57q9-53c7","summary":"The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors.  NOTE: the vendor characterizes this behavior as not \"a security vulnerability itself.\"","aliases":[{"alias":"CVE-2012-0394"},{"alias":"GHSA-hmvj-gc9q-mg9p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/299743?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-js22-usgt-8qd9"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-zc1y-ff37-nqat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67328?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-fu4h-rp1z-83eq"},{"vulnerability":"VCID-gv5f-auvz-5fda"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-nmgp-r7hb-5ke1"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-r28t-sdc5-kbga"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-z1gf-169n-m3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/299724?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.2.1.1","is_vulnerable":true,"affected_by_vulnera
bilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-fu4h-rp1z-83eq"},{"vulnerability":"VCID-gv5f-auvz-5fda"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-nmgp-r7hb-5ke1"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-r28t-sdc5-kbga"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-z1gf-169n-m3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/299725?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-gv5f-auvz-5fda"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-nmgp-r7hb-5ke1"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-r28t-sdc5-kbga"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-z1gf-169n-m3af"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/50524?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11
h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/299726?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/299727?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/299728?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulner
ability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/299729?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/299730?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/83972?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2
.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/299731?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/299732?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/299733?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.12"},{"url":"http://public2.vulnerablecode.io/api/packages/299734?
format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/299735?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51812?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2"},{"url":"http://public2.vulnerablecode.io/api/packages/54650?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vuln
erability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3"},{"url":"http://public2.vulnerablecode.io/api/packages/299736?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/299737?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.1"},{"url":"http://public2.vulnerablecode.io/api/packages/299738?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.2"},{"url":"http://public2.vulnerablecode.io/api/packages/299739?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.15.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.a
pache.struts.xwork/xwork-core@2.3.15.3"},{"url":"http://public2.vulnerablecode.io/api/packages/299740?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/299741?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.1"},{"url":"http://public2.vulnerablecode.io/api/packages/55029?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/299742?format=json","purl":"pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-ufcq-57q9-53c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.3"}],"references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"gen
eric_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0394.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0394.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0394","reference_id":"","reference_type":"","scores":[{"value":"0.92567","scoring_system":"epss","scoring_elements":"0.99748","published_at":"2026-05-14T12:55:00Z"},{"value":"0.92567","scoring_system":"epss","scoring_elements":"0.99747","published_at":"2026-05-11T12:55:00Z"},{"value":"0.92567","scoring_system":"epss","scoring_elements":"0.99746","published_at":"2026-05-09T12:55:00Z"},{"value":"0.92567","scoring_system":"epss","scoring_elements":"0.99745","published_at":"2026-04-24T12:55:00Z"},{"value":"0.92567","scoring_system":"epss","scoring_elements":"0.99743","published_at":"2026-04-21T12:55:00Z"},{"value":"0.92567","scoring_system":"epss","scoring_elements":"0.99742","published_at":"2026-04-18T12:55:00Z"},{"value":"0.92567","scoring_system":"epss","scoring_elements":"0.99741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.92567","scoring_system":"epss","scoring_elements":"0.99739","published_at":"2026-04-04T12:55:00Z"},{"value":"0.92567","scoring_system":"epss","scoring_elements":"0.99738","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0394"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/s
truts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58"},{"reference_url":"https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-3729"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-008.html"},{"reference_url":"http://struts.apache.org/2.x/docs/version-notes-2311.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/version-notes-2311.html"},{"reference_url":"https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt"},{"reference_url":"http://www.exploit-db.com/exploits/18329","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.exploit-db.com/exploits/18329"},{"reference_url":"http://www.exploit-db.com/exploits/31434","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.exploit-db.com/exploits/31434"},{"reference_url":"https://bugzilla.re
dhat.com/show_bug.cgi?id=773167","reference_id":"773167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=773167"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0394","reference_id":"CVE-2012-0394","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0394"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/31434.rb","reference_id":"CVE-2012-0394;OSVDB-78276","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/31434.rb"},{"reference_url":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt","reference_id":"CVE-2012-0394;OSVDB-78276","reference_type":"exploit","scores":[],"url":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt"},{"reference_url":"https://github.com/advisories/GHSA-hmvj-gc9q-mg9p","reference_id":"GHSA-hmvj-gc9q-mg9p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmvj-gc9q-mg9p"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":78,"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."},{"cwe_id":937,"name":"OWASP Top 
Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":94,"name":"Improper Control of Generation of Code ('Code Injection')","description":"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment."}],"exploits":[{"date_added":null,"description":"This module exploits a remote command execution vulnerability in Apache\n          Struts 2. The problem exists on applications running in developer mode,\n          where the DebuggingInterceptor allows evaluation and execution of OGNL\n          expressions, which allows remote attackers to execute arbitrary Java\n          code. This module has been tested successfully on Struts 2.3.16, Tomcat\n          7 and Ubuntu 10.04.","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2012-01-06","exploit_type":null,"platform":"Java","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/struts_dev_mode.rb"},{"date_added":"2012-01-06","description":"Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2012-01-06","exploit_type":"webapps","platform":"multiple","source_date_updated":"2017-03-10","data_source":"Exploit-DB","source_url":""}],"severity_range_score":"4.0 - 6.9","exploitability":"2.0","weighted_severity":"6.2","risk_score":10.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufcq-57q9-53c7"}