CVE-2013-4212

Apache Roller < 5.0.1 - Code Injection

Title source: rule

Description

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotejava

https://www.exploit-db.com/exploits/29859

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Unknown, juan vazquez · rubypocjava

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_roller_ognl_injection.rb

View Code ZIP pw:eip

References (7)

[Patch] http://rollerweblogger.org/project/entry/apache_roller_5_0_2

[Vendor Advisory] http://secunia.com/advisories/55862

[Vendor Advisory] http://secunia.com/advisories/55877

[Exploit] http://www.exploit-db.com/exploits/29859

[Third Party Advisory, VDB Entry] http://www.osvdb.org/100342

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/89239

[Vendor Advisory] http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html

Scores

EPSS 0.8703

EPSS Percentile 99.4%

Details

CWE

CWE-94

Status published

Products (4)

apache/roller 4.0

apache/roller 4.0.1

apache/roller 5.0

apache/roller < 5.0.1

Published Dec 07, 2013

Tracked Since Feb 18, 2026