CVE-2012-0394

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:09

Type Values Removed Values Added
Summary ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself." The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.

Information

Published : 2012-01-08 15:55

Updated : 2024-08-06 19:15


NVD link : CVE-2012-0394

Mitre link : CVE-2012-0394

CVE.ORG link : CVE-2012-0394


JSON object : View

Products Affected

apache

  • struts
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')