CVE-2013-4212

Apache Roller < 5.0.1 - Code Injection

Title source: rule

Description

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."

Exploits (2)

metasploit WORKING POC EXCELLENT

by Unknown, juan vazquez · rubypocjava

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_roller_ognl_injection.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotejava

https://www.exploit-db.com/exploits/29859

View Code ZIP pw:eip

References (7)

[Patch] http://rollerweblogger.org/project/entry/apache_roller_5_0_2

[Vendor Advisory] http://secunia.com/advisories/55862

[Vendor Advisory] http://secunia.com/advisories/55877

[Exploit] http://www.exploit-db.com/exploits/29859

[Third Party Advisory, VDB Entry] http://www.osvdb.org/100342

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/89239

[Vendor Advisory] http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html

Scores

EPSS 0.8711

EPSS Percentile 99.4%

Classification

CWE

CWE-94

Status draft

Affected Products (4)

apache/roller < 5.0.1

apache/roller

apache/roller

apache/roller

Timeline

Published Dec 07, 2013

Tracked Since Feb 18, 2026