CVE-2012-0394

Apache Struts 2.0.0-2.3.16 - Remote Code Execution via DebuggingInterceptor

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-0394. PoCs were published by Metasploit, SEC Consult, Johannes Dahse, Andreas Nusser and Alvaro, including the Metasploit module exploits/multi/http/struts_dev_mode. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2012-0394, a remote command execution vulnerability in Apache Struts 2 when running in developer mode. It leverages OGNL expression evaluation to upload and execute a malicious JAR payload, achieving RCE on vulnerable systems.

Description

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · java
https://www.exploit-db.com/exploits/31434

This Metasploit module exploits CVE-2012-0394, a remote command execution vulnerability in Apache Struts 2 when running in developer mode. It leverages OGNL expression evaluation to upload and execute a malicious JAR payload, achieving RCE on vulnerable systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Struts 2 (Developer Mode)
No auth needed
Prerequisites: Target running Apache Struts 2 in developer mode · Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by SEC Consult · text · webapps · multiple
https://www.exploit-db.com/exploits/18329

The exploit demonstrates multiple critical vulnerabilities in Apache Struts2, including remote command execution via ExceptionDelegator, CookieInterceptor, and DebuggingInterceptor, as well as arbitrary file overwrite via ParametersInterceptor. These vulnerabilities arise from OGNL expression injection and improper parameter filtering.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Struts2 (2.3.1 and below)
No auth needed
Prerequisites: Target application using vulnerable Struts2 version · Access to crafted HTTP requests or headers
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
by Johannes Dahse, Andreas Nusser, Alvaro · ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/struts_dev_mode.rb

This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2 when running in developer mode. It leverages OGNL expression evaluation to upload and execute a malicious JAR file, achieving arbitrary Java code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Struts 2 (tested on 2.3.16)
No auth needed
Prerequisites: Target application running in developer mode · Access to the Struts application action path
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Apache Struts <2.3.1.1 - Remote Code Execution
MEDIUM · VERIFIED · by tess
Shodan: html:"Struts Problem Report" || http.title:"struts2 showcase" || http.html:"struts problem report" || http.html:"apache struts"
FOFA: body="struts problem report" || title="struts2 showcase" || body="apache struts"

References (7)

Core References
Release Notes, Vendor Advisory x_refsource_misc
http://struts.apache.org/2.x/docs/version-notes-2311.html
Vendor Advisory x_refsource_misc
http://struts.apache.org/2.x/docs/s2-008.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18329
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/31434
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/78276

Scores

EPSS 0.9357
EPSS Percentile 99.8%

Details

CWE: CWE-94
Status: published
Products (2):
apache/struts 2.0.0 - 2.3.17
org.apache.struts.xwork/xwork-core 0 - 2.3.18 (Maven)
Published: Jan 08, 2012
Tracked Since: Feb 18, 2026