CVE-2012-0392 in Apache Strutsinfo

Summary

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

01/08/2012

Disclosure

01/08/2012

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
4512Apache Struts CookieInterceptor access control264Proof-of-ConceptOfficial fixCVE-2012-0392

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!