QwikSec

Security Database

CVE

CWE

Training

CVE-2012-0394

Published: Jan 8, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://struts.apache.org/2.x/docs/version-notes-2311.html

x_refsource_MISC

http://struts.apache.org/2.x/docs/s2-008.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2

mailing-list

x_refsource_BUGTRAQ

exploit

x_refsource_EXPLOIT-DB

https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.