Apache : Security Vulnerabilities, CVEs, Published In 2012

CVE-2012-0394

Public exploit
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
Max CVSS
6.8
EPSS Score
94.20%
Published
2012-01-08
Updated
2024-04-11

CVE-2012-0391

Known exploited
Public exploit
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
Max CVSS
9.3
EPSS Score
29.32%
Published
2012-01-08
Updated
2018-11-23
CISA KEV Added
2022-01-21

CVE-2011-4858

Public exploit
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Max CVSS
5.0
EPSS Score
65.13%
Published
2012-01-05
Updated
2018-01-09
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close