Vulnerability identifier: #VU8213

Vulnerability risk: Medium

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12611

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 2

• April 7, 2020
  • exphub (Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340) [Github]
• March 18, 2020
  • S2-053-CVE-2017-12611 (A simple script for exploit RCE for Struts 2 S2-053(CVE-2017-12611)) [Github]

Impact: Code execution

Vulnerable software:
Apache Struts
Server applications / Frameworks for developing and running applications

Vendor: Apache Foundation