ID:2310 - Exploit for Remote code execution in Apache Struts - CVE-2017-12611
Published: April 7, 2020
Vulnerability identifier: #VU8213
Vulnerability risk: Medium
CVE-ID: CVE-2017-12611
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Apache Struts
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The weakness exists due to the unsafe use of writable expression values in FreeMarker content. A remote attacker can add malicious values to writable expressions submitted to the affected application for processing and execute arbitrary code in the security context of the affected application.
Remediation
Update to version 2.5.12 or 2.3.34.