CVE-2012-0392

Apache Struts < 2.3.1.1 - Remote Code Execution via CookieInterceptor

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0392. PoCs published by SEC Consult. A Nuclei detection template is also available.

AI-analyzed exploit summary: The exploit demonstrates multiple critical vulnerabilities in Apache Struts2, including remote command execution via ExceptionDelegator, CookieInterceptor, and DebuggingInterceptor, as well as arbitrary file overwrite via ParametersInterceptor. These vulnerabilities arise from OGNL expression injection and improper parameter filtering.

Description

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.

Exploits (1)

Exploit-DB · Working PoC · Verified
by SEC Consult · text · webapps · multiple
https://www.exploit-db.com/exploits/18329

Classification
Working PoC: 100%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Struts2 (2.3.1 and below)
Authentication: none needed
Prerequisites: Target application using vulnerable Struts2 version · Access to crafted HTTP requests or headers
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Apache Struts2 S2-008 RCE
Severity: medium · by pikpikcu
Shodan: http.html:"apache struts" || http.title:"struts2 showcase" || http.html:"struts problem report"
FOFA: body="struts problem report" || title="struts2 showcase" || body="apache struts"

References (7)

Core references
Exploit, Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/18329
Broken Link (mailing-list, x_refsource_bugtraq): http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
Release Notes, Vendor Advisory (x_refsource_confirm): http://struts.apache.org/2.x/docs/version-notes-2311.html
Vendor Advisory (x_refsource_confirm): http://struts.apache.org/2.x/docs/s2-008.html
Exploit, Third Party Advisory (mailing-list, x_refsource_mlist): https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/47393

Scores

EPSS score: 0.9029
EPSS percentile: 99.6%

Details

Status: published
Products (3):
apache/struts 2.0.0 - 2.3.1
org.apache.struts/struts2-core 0 - 2.2.3.1 (Maven)
org.apache.struts.xwork/xwork-core 0 - 2.2.3.1 (Maven)
Published: Jan 08, 2012
Tracked since: Feb 18, 2026