Severity: : Critical
  CVE Kennungen: : CVE-2012-0391

  DESCRIPTION

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

  INFORMATION EXPOSURE

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1004911
  Trend Micro Deep Security DPI Rule Name: 1004911 - Apache Struts2 Multiple Vulnerabilities

  AFFECTED SOFTWARE AND VERSION:

  • apache struts 2.0.0
  • apache struts 2.0.1
  • apache struts 2.0.10
  • apache struts 2.0.11
  • apache struts 2.0.11.1
  • apache struts 2.0.11.2
  • apache struts 2.0.12
  • apache struts 2.0.13
  • apache struts 2.0.14
  • apache struts 2.0.2
  • apache struts 2.0.3
  • apache struts 2.0.4
  • apache struts 2.0.5
  • apache struts 2.0.6
  • apache struts 2.0.7
  • apache struts 2.0.8
  • apache struts 2.0.9
  • apache struts 2.1.0
  • apache struts 2.1.1
  • apache struts 2.1.2
  • apache struts 2.1.3
  • apache struts 2.1.4
  • apache struts 2.1.5
  • apache struts 2.1.6
  • apache struts 2.1.8
  • apache struts 2.1.8.1
  • apache struts 2.2.1
  • apache struts 2.2.1.1
  • apache struts 2.2.3