CVE-2007-4556

OpenSymphony XWork < 1.2.3 - Remote Code Execution via OGNL Expression Injection

Title source: llm

Exploitation Summary

CVE-2007-4556 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.

Nuclei Templates (1)

OpenSymphony XWork/Apache Struts2 - Remote Code Execution
Severity: MEDIUM, by pikpikcu

References (14)

Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/25524
Vendor Advisory (x_refsource_confirm): http://jira.opensymphony.com/browse/XW-544
Third Party Advisory (x_refsource_confirm): http://issues.apache.org/struts/browse/WW-2030
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2007/3041
Patch, Vendor Advisory (x_refsource_confirm): http://forums.opensymphony.com/ann.jspa?annID=54
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2007/3042
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/26693
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/26681
Broken Link (vdb-entry, x_refsource_osvdb): http://osvdb.org/37072
Patch, Third Party Advisory (x_refsource_confirm): http://struts.apache.org/2.x/docs/s2-001.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/26694

Scores

EPSS 0.0211
EPSS Percentile 84.5%

Details

Status published
Products (2)
opensymphony/xwork < 1.2.3
opensymphony/xwork 0 - 1.2.3 (Maven)
Published Aug 28, 2007
Tracked Since Feb 18, 2026