Apache : Security Vulnerabilities, CVEs, Published In 2012
CVE-2012-0394
Public exploit
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
Max CVSS
6.8
EPSS Score
94.20%
Published
2012-01-08
Updated
2024-04-11
CVE-2012-0391
Known exploited
Public exploit
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
Max CVSS
9.3
EPSS Score
29.32%
Published
2012-01-08
Updated
2018-11-23
CISA KEV Added
2022-01-21
CVE-2011-4858
Public exploit
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Max CVSS
5.0
EPSS Score
65.13%
Published
2012-01-05
Updated
2018-01-09
3 vulnerabilities found