CVE-2019-0230

CRITICAL NUCLEI

Apache Struts 2.0.0-2.5.20 - Remote Code Execution via Forced Double OGNL Evaluation

Title source: llm

Exploitation Summary

EIP tracks 7 public exploits for CVE-2019-0230. PoCs published by West Shepherd, ramoncjs3, PrinceFPF, including Metasploit module exploits/multi/http/struts2_multi_eval_ognl. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit leverages CVE-2019-0230, a double OGNL evaluation vulnerability in Apache Struts 2.0.0 to 2.5.20, to achieve remote code execution (RCE) via a crafted multipart/form-data payload. The payload manipulates OGNL context to bypass security restrictions and execute arbitrary commands.

Description

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

Exploits (7)

exploitdb WORKING POC

by West Shepherd · pythonremotemultiple

https://www.exploit-db.com/exploits/49068

View Code ZIP pw:eip

This exploit leverages CVE-2019-0230, a double OGNL evaluation vulnerability in Apache Struts 2.0.0 to 2.5.20, to achieve remote code execution (RCE) via a crafted multipart/form-data payload. The payload manipulates OGNL context to bypass security restrictions and execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Struts 2.0.0 - 2.5.20

No auth needed

Prerequisites: Target must be running a vulnerable version of Apache Struts · Network access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec STUB 36 stars

by ramoncjs3 · poc

https://github.com/ramoncjs3/CVE-2019-0230

View Code ZIP pw:eip

The repository contains only a README.md file with minimal information about CVE-2019-0230 and s2-059, lacking any exploit code or technical details.

Classification

Stub 10%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 15 stars

by PrinceFPF · poc

https://github.com/PrinceFPF/CVE-2019-0230

View Code ZIP pw:eip

This is a functional exploit PoC for CVE-2019-0230, a remote code execution vulnerability in Apache Struts2. It leverages OGNL injection via a maliciously crafted Content-Type header to execute arbitrary commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Struts2 (versions 2.0.0 to 2.5.20)

No auth needed

Prerequisites: Target server running vulnerable Struts2 version · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 9 stars

by Al1ex · poc

https://github.com/Al1ex/CVE-2019-0230

View Code ZIP pw:eip

This repository contains a working PoC for CVE-2019-0230, an OGNL injection vulnerability in Apache Struts2. The exploit leverages Struts2's OGNL expression evaluation to execute arbitrary commands, demonstrated by launching 'calc.exe'.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Struts2 (versions 2.0.0 - 2.5.20)

No auth needed

Prerequisites: Vulnerable Struts2 application exposed · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by f8al · poc

https://github.com/f8al/CVE-2019-0230-PoC

View Code ZIP pw:eip

This is a functional exploit for CVE-2019-0230, a remote code execution vulnerability in Apache Struts2. It leverages OGNL injection to execute arbitrary commands via a crafted payload sent to the target endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Apache Struts2 (versions affected by CVE-2019-0230)

No auth needed

Prerequisites: Target must be running a vulnerable version of Apache Struts2 · Target endpoint must be accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by tw-eason-tseng · poc

https://github.com/tw-eason-tseng/CVE-2019-0230_Struts2S2-059

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2019-0230, a remote code execution vulnerability in Apache Struts2. The exploit leverages OGNL injection to execute arbitrary commands, including reverse shells, on vulnerable systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Struts2 (versions 2.0.0 - 2.5.20)

No auth needed

Prerequisites: Vulnerable Struts2 application exposed · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Spencer McIntyre, Matthias Kaiser, Alvaro Muñoz, ka1n4t · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/struts2_multi_eval_ognl.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2019-0230 and CVE-2020-17530 in Apache Struts 2 by leveraging forced OGNL evaluation in tag attributes, leading to remote code execution. It supports both direct command execution and staged payloads via crafted HTTP requests.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Struts 2 (versions affected by CVE-2019-0230 and CVE-2020-17530)

No auth needed

Prerequisites: A vulnerable Struts 2 application with exposed endpoints using affected tag attributes

MITRE ATT&CK