Vulnerability Details : CVE-2013-4212
Public exploit exists!
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
Exploit prediction scoring system (EPSS) score for CVE-2013-4212
Probability of exploitation activity in the next 30 days: 96.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2013-4212
-
Apache Roller OGNL Injection
Disclosure Date: 2013-10-31First seen: 2020-04-26exploit/multi/http/apache_roller_ognl_injectionThis module exploits an OGNL injection vulnerability in Apache Roller < 5.0.2. The vulnerability is due to an OGNL injection on the UIAction controller because of an insecure usage of the ActionSupport.getText method. This module has been tested successfully on Apach
CVSS scores for CVE-2013-4212
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-4212
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4212
-
http://rollerweblogger.org/project/entry/apache_roller_5_0_2
Roller: free and open source Java blog softwarePatch
-
http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
Remote code execution in Apache Roller via OGNL injection | Synopsys
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89239
Apache Roller OGNL command execution CVE-2013-4212 Vulnerability Report
-
http://www.exploit-db.com/exploits/29859
Apache Roller - OGNL Injection (Metasploit) - Java remote ExploitExploit
Products affected by CVE-2013-4212
- cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:roller:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:roller:5.0:*:*:*:*:*:*:*