CVE-2012-0392

NUCLEI

Apache Struts <2.3.1.1 - RCE

Title source: llm

Description

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by SEC Consult · text · webapps · multiple
https://www.exploit-db.com/exploits/18329

Nuclei Templates (1)

Apache Struts2 S2-008 RCE
MEDIUM · by pikpikcu
Shodan: http.html:"apache struts" || http.title:"struts2 showcase" || http.html:"struts problem report"
FOFA: body="struts problem report" || title="struts2 showcase" || body="apache struts"

Scores

EPSS 0.8510
EPSS Percentile 99.4%

Details

Status published
Products (3)
apache/struts 2.0.0 - 2.3.1
org.apache.struts/struts2-core 0 - 2.2.3.1 · Maven
org.apache.struts.xwork/xwork-core 0 - 2.2.3.1 · Maven
Published Jan 08, 2012
Tracked Since Feb 18, 2026