Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-0394

** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20120105 SEC Consult S...
EXPLOIT-DB: 18329
MISC: http://struts.apache.o...
MISC: http://struts.apache.o...
MISC: https://www.sec-consul...
EXPLOIT-DB: 31434
OSVDB: 78276

Launchpad.net

CVE 2012-0394

Related bugs

References