Vulnerability Details : CVE-2012-0393
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
Products affected by CVE-2012-0393
- cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0393
- 93.80%: Probability of exploitation activity in the next 30 days
- ~ 99%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0393
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P | 10.0 | 4.9 | NIST | |
CWE ids for CVE-2012-0393
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0393
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
  Exploit; Third Party Advisory
- http://www.exploit-db.com/exploits/18329
  Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities - Multiple webapps Exploit
  Exploit; Third Party Advisory
- http://struts.apache.org/2.x/docs/s2-008.html
  S2-008 - DEPRECATED: Apache Struts 2 Documentation - Apache Software Foundation
  Vendor Advisory
- https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
  Page not found | SEC Consult
  Exploit; Third Party Advisory
- http://struts.apache.org/2.x/docs/version-notes-2311.html
  Version Notes 2.3.11 - DEPRECATED: Apache Struts 2 Documentation - Apache Software Foundation
  Vendor Advisory