The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
Metrics
Affected Vendors & Products
References
History
Mon, 10 Feb 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-94 | |
Metrics |
cvssV3_1
|
Tue, 13 Aug 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-02-10T20:08:08.781Z
Reserved: 2012-01-08T00:00:00.000Z
Link: CVE-2012-0391

Updated: 2024-08-06T18:23:31.000Z

Status : Deferred
Published: 2012-01-08T15:55:01.217
Modified: 2025-04-11T00:51:21.963
Link: CVE-2012-0391
