CVE-2012-0394 Scanner
Detects 'OGNL Injection (Object-Graph Navigation Language)' vulnerability in Apache Struts affects v. before 2.3.1.1.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Toolbox
-
Apache Struts is a widely used framework for building and deploying Java web applications. It provides developers with a tool set of connectors, validators, and templates to build highly scalable and customized applications. This framework is essential for web developers to create enterprise-grade applications that meet the growing demands of businesses.
One vulnerability that stands out in Apache Struts is CVE-2012-0394. This vulnerability is particularly dangerous because it allows remote attackers to execute arbitrary code on an affected server. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL (Object-Graph Navigation Language) commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.
When exploited, CVE-2012-0394 can lead to severe consequences. It is classified as a critical vulnerability, and the exploitation of this vulnerability could lead to data breaches, loss of intellectual property, system downtime, and, worst of all, financial loss. Attackers can exploit this vulnerability by sending malicious input to a vulnerable system through web requests, thus bypassing security mechanisms and gaining control over the targeted system. As a result, the attacker can execute arbitrary commands on the server, obtain sensitive information, and eventually take over the entire system.
By making use of the pro features of securityforeveryone.com, you can easily and quickly learn about vulnerabilities in your digital assets. This platform offers security insights and analysis, providing you with unprecedented visibility into potential vulnerabilities that your digital assets may have. By subscribing to securityforeveryone.com, you can effectively manage and reduce the risk of security breaches and ensure the integrity of your digital assets.
REFERENCES
- http://struts.apache.org/2.x/docs/version-notes-2311.html
- http://struts.apache.org/2.x/docs/s2-008.html
- exploit-db.com: 18329
- archives.neohapsis.com: 20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 mailing-list
- exploit-db.com: 31434
- https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
- osvdb.org: 78276
control security posture