Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-12611 (GCVE-0-2017-12611)
Vulnerability from cvelistv5 – Published: 2017-09-20 17:00 – Updated: 2024-09-17 01:30
VLAI?
EPSS
Summary
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
Severity ?
No CVSS data available.
CWE
- A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Struts |
Affected:
2.0.0 - 2.3.33
Affected: 2.5 - 2.5.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://struts.apache.org/docs/s2-053.html"
},
{
"name": "100829",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100829"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Struts",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.0.0 - 2.3.33"
},
{
"status": "affected",
"version": "2.5 - 2.5.10.1"
}
]
}
],
"datePublic": "2017-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-12T20:45:53.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://struts.apache.org/docs/s2-053.html"
},
{
"name": "100829",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100829"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-09-07T00:00:00",
"ID": "CVE-2017-12611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Struts",
"version": {
"version_data": [
{
"version_value": "2.0.0 - 2.3.33"
},
{
"version_value": "2.5 - 2.5.10.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"
},
{
"name": "https://struts.apache.org/docs/s2-053.html",
"refsource": "CONFIRM",
"url": "https://struts.apache.org/docs/s2-053.html"
},
{
"name": "100829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100829"
},
{
"name": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
"refsource": "CONFIRM",
"url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-12611",
"datePublished": "2017-09-20T17:00:00.000Z",
"dateReserved": "2017-08-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:30:41.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2017-12611
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-12611",
"description": "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
"id": "GSD-2017-12611",
"references": [
"https://www.suse.com/security/cve/CVE-2017-12611.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-12611"
],
"details": "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
"id": "GSD-2017-12611",
"modified": "2023-12-13T01:21:03.795263Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-09-07T00:00:00",
"ID": "CVE-2017-12611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Struts",
"version": {
"version_data": [
{
"version_value": "2.0.0 - 2.3.33"
},
{
"version_value": "2.5 - 2.5.10.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"
},
{
"name": "https://struts.apache.org/docs/s2-053.html",
"refsource": "CONFIRM",
"url": "https://struts.apache.org/docs/s2-053.html"
},
{
"name": "100829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100829"
},
{
"name": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
"refsource": "CONFIRM",
"url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[2.0.1,2.0.11.2],[2.0.12,2.0.14],[2.1.0,2.1.6],[2.1.8,2.1.8.1], [2.2.1,2.2.1.1],[2.2.3,2.2.3.1],[2.3.1,2.3.1.2],[2.3.3,2.3.4.1],[2.3.5,2.3.14.3], [2.3.15,2.3.15.3],[2.3.16,2.3.16.3],[2.3.17],[2.3.19,2.3.20.2],[2.3.21,2.3.23], [2.3.24.2,2.3.24.3],[2.3.25,2.3.28.1],[2.3.29,2.3.33],[2.5,2.5.10]",
"affected_versions": "All versions starting from 2.0.1 up to 2.0.11.2, all versions starting from 2.0.12 up to 2.0.14, all versions starting from 2.1.0 up to 2.1.6, all versions starting from 2.1.8 up to 2.1.8.1, all versions starting from 2.2.1 up to 2.2.1.1, all versions starting from 2.2.3 up to 2.2.3.1, all versions starting from 2.3.1 up to 2.3.1.2, all versions starting from 2.3.3 up to 2.3.4.1, all versions starting from 2.3.5 up to 2.3.14.3, all versions starting from 2.3.15 up to 2.3.15.3, all versions starting from 2.3.16 up to 2.3.16.3, version 2.3.17, all versions starting from 2.3.19 up to 2.3.20.2, all versions starting from 2.3.21 up to 2.3.23, all versions starting from 2.3.24.2 up to 2.3.24.3, all versions starting from 2.3.25 up to 2.3.28.1, all versions starting from 2.3.29 up to 2.3.33, all versions starting from 2.5 up to 2.5.10",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-08-12",
"description": "Using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
"fixed_versions": [
"2.3.34",
"2.5.12"
],
"identifier": "CVE-2017-12611",
"identifiers": [
"CVE-2017-12611"
],
"not_impacted": "All versions before 2.0.1, all versions after 2.0.11.2 before 2.0.12, all versions after 2.0.14 before 2.1.0, all versions after 2.1.6 before 2.1.8, all versions after 2.1.8.1 before 2.2.1, all versions after 2.2.1.1 before 2.2.3, all versions after 2.2.3.1 before 2.3.1, all versions after 2.3.1.2 before 2.3.3, all versions after 2.3.4.1 before 2.3.5, all versions after 2.3.14.3 before 2.3.15, all versions after 2.3.15.3 before 2.3.16, all versions after 2.3.16.3 before 2.3.17, all versions after 2.3.17 before 2.3.19, all versions after 2.3.20.2 before 2.3.21, all versions after 2.3.23 before 2.3.24.2, all versions after 2.3.24.3 before 2.3.25, all versions after 2.3.28.1 before 2.3.29, all versions after 2.3.33 before 2.5, all versions after 2.5.10",
"package_slug": "maven/org.apache.struts/struts2-core",
"pubdate": "2017-09-20",
"solution": "Upgrade to versions 2.3.24, 2.5.12 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-12611",
"http://www.securityfocus.com/bid/100829",
"https://struts.apache.org/docs/s2-053.html"
],
"uuid": "76abfbfd-9e0c-44fc-a8da-11f352a7be04"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-12611"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://struts.apache.org/docs/s2-053.html",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://struts.apache.org/docs/s2-053.html"
},
{
"name": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"
},
{
"name": "100829",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100829"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-08-12T21:15Z",
"publishedDate": "2017-09-20T17:29Z"
}
}
}
FKIE_CVE-2017-12611
Vulnerability from fkie_nvd - Published: 2017-09-20 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3A90B7-C632-4D3E-9A4F-21E46D273B42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "386538BE-F258-4870-8E11-750ADA228026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CF15B9-3714-4206-9971-1F7D59E20483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA32D87-65C7-4589-86B7-500BE3203CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "98C3FB11-4E24-4067-A3A9-021F849DAAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661F1610-9FCD-4FC1-BCA1-69C58E0A1389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C89E22-B106-4EAB-90A1-0EA86C165737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1BABB2-780E-47E0-87A9-A164906C8421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AC32348E-7EF4-411C-9A44-CD041ABFA0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94BD452B-AE41-4F7A-9DB9-4B1039582537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFDC53B-7B8E-4333-BC87-E01024EC9C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0818E7-B617-4C30-BFAC-9FE2F375F8BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "50F4A58E-F3D4-4711-A37E-EA538B112371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFCC96F-FD87-4495-B8A5-19D7898D5662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA0424E-84B4-41BD-8E6C-93E2A77DD6CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC53AE5-3640-4FE1-B0B1-EA26C5B9EB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "662A2E4B-A76A-4498-98A6-F90DF65C62B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E720B3A-4CFB-47FE-B80C-67C59D4C7FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA687B56-A09B-4741-84F1-2BD9569A3F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC0E358-8B4D-480B-BFAE-966CB697310A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7E8E1C-C667-4AED-86A5-2BD0C62AAD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "88B3348C-1086-4A16-97E3-52DB65FF860A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3C65711D-9C5B-4644-A12D-82243CB6FB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1FA9A7-2C8E-4651-9400-190198528642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9093C0-AE6A-4285-B159-8FDBF37E33D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "267A1C33-1C95-41DA-8A01-6F20C7BE1772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4590B9-6A44-4DC6-B7DF-5E6CAAA9D25A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30860683-D403-4D24-B356-FD306AEFCA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3316DA-9E34-4955-91CA-E35B141A7007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D152B29-FAD5-4DEA-B187-278EBD37FEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC68463-F500-471C-8600-8F8FD9743B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A92AAE08-4811-465A-8178-25F5F349B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B487975D-6394-4136-B45C-C1F209465B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC41957-8CCA-46A6-BD31-4039EEF3C457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "84408BC6-E785-4874-9409-AC02AF0A7897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "79E08D3E-9F86-4E9D-B1BF-EBEA8AB3BEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "443B4E64-2A36-49C6-B09D-77B3BDF69709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2481505C-4FD1-4195-9E10-9DD741498FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "910DCB81-63A8-4BBB-8897-A98A0F2AEEB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F75F4616-4B4B-4CAB-968B-502179152D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D12A0A-1DC5-47C7-9FF6-E8103C75FE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "28ED63DB-2AAF-4BC9-A844-074EDF63C89A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C86232DA-90C7-43F8-99CC-C1BFB4BA3F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "38A6CEED-6C43-4325-B36C-9F254CCDFDC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41F43088-26AA-4890-A9D6-1B9B48D5F02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6820E3-8FDF-4BDF-8B62-E604A91F1280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D25ED06A-F12C-443E-9B3F-FDDF52FE9D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "44527919-8403-42A8-9CE1-3B4F58630F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB91D8A-14B8-4263-B90D-F776535F9B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB525941-7175-43C1-9F17-814F5F7C72CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F10D559E-04A0-4002-947C-D3902138795B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "89203DD8-2C95-4546-9504-83654FFA5DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3D5644-CFAC-4FB5-A1FB-387F97876098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1225A0B0-C3F2-4579-BFE9-F8DB2CF596F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC883A7-0766-4857-ABC8-9DB4BA713650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D3553904-BF3C-4636-947A-8AA16D4F38A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E93CE807-D7C2-4865-ACF8-E366A6478B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "22FF6282-0BCA-46EB-9648-6EE3EDA189F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1467BC-9BC8-402D-A420-615CF9698648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12CE716B-867F-49CA-BDAF-194714D990C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6057D5-0787-4026-A202-ACD07C862F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3AE8EA-4D25-4151-A210-ECDE802F8A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "79C615AE-4709-47EB-85F8-BD944096428E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39047809-4E6D-4670-B9BA-D8FD910E38EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71823E13-1896-4EE4-A49C-CFFB717FFD80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "291F3624-8AB5-46F2-9BB5-F592DF1C9F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "DD053675-DE5E-40A8-B404-4F36AAC82502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B0392E61-6D77-43C3-8009-96BC0F90B8D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C778ADED-75B5-4AD3-8CDC-EFDFFAD5A742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "067F6249-CC5A-4402-843C-06D5F9F77267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFA78DD-B60C-46AD-BCCB-4E15BB16BEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA1EABE-5292-44C2-8327-54201A42F204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "F327A6EA-69AF-4EB2-8F17-8011678FAB6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "603FAA0C-0908-4105-BE3A-016B4A298264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5068CA-A472-47D2-A89F-A43EA8617874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "63CE1226-E0E6-4DC6-AC89-3FFDE6BD7B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E17D62B8-349B-4F30-8849-6912828802C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "D5E91133-D585-43F7-9093-94D735B3167E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "DD44FD72-ECE7-4E08-AD9E-5CE2C310C2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F914BA-CF16-4B03-A6A2-8C9816EC1248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C82970-62C9-4513-A66D-6BDA4048C27F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43CA5-46DE-4513-A309-BE3A60CD5489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1D83D2FA-8931-45F8-82D6-DE270A2BA55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D284BF2-101C-490C-85CB-69D156D1FF77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAD7A75-378F-4A0F-A10F-E4F7AF60F285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "56E43496-097F-4560-BFB1-BDDA4659F197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "96C720D6-312B-477C-A993-BEE39A7ADB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "03367A87-9011-45F4-B534-DEA26F8D4567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CF635DCE-D495-4166-9E25-1E48DDDF9AAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack."
},
{
"lang": "es",
"value": "En Apache Struts versiones 2.0.0 hasta 2.3.33 y versiones 2.5 hasta 2.5.10.1, el uso de una expresi\u00f3n no intencional en una etiqueta Freemarker en lugar de literales de cadena podr\u00eda conllevar a un ataque de tipo RCE."
}
],
"id": "CVE-2017-12611",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-20T17:29:00.400",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100829"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://struts.apache.org/docs/s2-053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://struts.apache.org/docs/s2-053.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8FX9-5HX8-CRHM
Vulnerability from github – Published: 2018-10-16 19:35 – Updated: 2024-01-04 21:54
VLAI?
Summary
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
Details
In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
Severity ?
9.8 (Critical)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.3.33"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.1"
},
{
"fixed": "2.3.34"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.5.10.1"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-12611"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:25:30Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
"id": "GHSA-8fx9-5hx8-crhm",
"modified": "2024-01-04T21:54:05Z",
"published": "2018-10-16T19:35:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611"
},
{
"type": "WEB",
"url": "https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa"
},
{
"type": "WEB",
"url": "https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/struts"
},
{
"type": "WEB",
"url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"
},
{
"type": "WEB",
"url": "https://struts.apache.org/docs/s2-053.html"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829"
},
{
"type": "WEB",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal"
}
CERTFR-2019-AVI-403
Vulnerability from certfr_avis - Published: 2019-08-20 - Updated: 2019-08-20
De multiples vulnérabilités ont été découvertes dans Apache Struts. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apache Struts versions ant\u00e9rieures \u00e0 2.5.17",
"product": {
"name": "Struts",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Apache Struts versions ant\u00e9rieures \u00e0 2.3.35",
"product": {
"name": "Struts",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-6505",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6505"
},
{
"name": "CVE-2017-12611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12611"
},
{
"name": "CVE-2014-0113",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0113"
},
{
"name": "CVE-2016-6795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6795"
},
{
"name": "CVE-2017-9791",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9791"
},
{
"name": "CVE-2012-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0391"
},
{
"name": "CVE-2013-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1965"
},
{
"name": "CVE-2014-0116",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0116"
},
{
"name": "CVE-2012-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0394"
},
{
"name": "CVE-2014-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0094"
},
{
"name": "CVE-2017-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9793"
},
{
"name": "CVE-2016-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4465"
},
{
"name": "CVE-2016-8738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8738"
},
{
"name": "CVE-2014-0112",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0112"
},
{
"name": "CVE-2008-6504",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6504"
},
{
"name": "CVE-2013-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1966"
}
],
"initial_release_date": "2019-08-20T00:00:00",
"last_revision_date": "2019-08-20T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-403",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Struts.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Struts",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache s2-058 du 12 ao\u00fbt 2019",
"url": "https://cwiki.apache.org/confluence/display/WW/s2-058"
}
]
}
CNVD-2017-25632
Vulnerability from cnvd - Published: 2017-09-07
VLAI Severity ?
Title
Apache Struts2 S2-053远程代码执行漏洞
Description
Struts2 是Apache软件基金会负责维护的一个基于MVC设计模式的Web应用框架开源项目。
Apache Struts2存在S2-053远程代码执行漏洞,在Freemarker标记中使用错误的表达式而不是字符串文字时,导致攻击者远程执行代码攻击。
Severity
中
Patch Name
Apache Struts2 S2-053远程代码执行漏洞的补丁
Patch Description
Struts2 是Apache软件基金会负责维护的一个基于MVC设计模式的Web应用框架开源项目。
Apache Struts2存在S2-053远程代码执行漏洞,在Freemarker标记中使用错误的表达式而不是字符串文字时,导致攻击者远程执行代码攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: https://struts.apache.org/docs/s2-053.html?from=timeline&isappinstalled=0
Reference
https://struts.apache.org/docs/s2-053.html?from=timeline&isappinstalled=0
Impacted products
| Name | ['Apache Struts2 >=2.0.1,<=2.3.33', 'Apache Struts2 >=2.5,<=2.5.10'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-12611"
}
},
"description": "Struts2 \u662fApache\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u8d1f\u8d23\u7ef4\u62a4\u7684\u4e00\u4e2a\u57fa\u4e8eMVC\u8bbe\u8ba1\u6a21\u5f0f\u7684Web\u5e94\u7528\u6846\u67b6\u5f00\u6e90\u9879\u76ee\u3002 \r\n\r\nApache Struts2\u5b58\u5728S2-053\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u5728Freemarker\u6807\u8bb0\u4e2d\u4f7f\u7528\u9519\u8bef\u7684\u8868\u8fbe\u5f0f\u800c\u4e0d\u662f\u5b57\u7b26\u4e32\u6587\u5b57\u65f6\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u653b\u51fb\u3002",
"discovererName": "Lupin\uff0cDavid Greene\uff0cRoland McIntosh",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://struts.apache.org/docs/s2-053.html?from=timeline\u0026isappinstalled=0",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-25632",
"openTime": "2017-09-07",
"patchDescription": "Struts2 \u662fApache\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u8d1f\u8d23\u7ef4\u62a4\u7684\u4e00\u4e2a\u57fa\u4e8eMVC\u8bbe\u8ba1\u6a21\u5f0f\u7684Web\u5e94\u7528\u6846\u67b6\u5f00\u6e90\u9879\u76ee\u3002 \r\n\r\nApache Struts2\u5b58\u5728S2-053\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u5728Freemarker\u6807\u8bb0\u4e2d\u4f7f\u7528\u9519\u8bef\u7684\u8868\u8fbe\u5f0f\u800c\u4e0d\u662f\u5b57\u7b26\u4e32\u6587\u5b57\u65f6\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Struts2 S2-053\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Apache Struts2 \u003e=2.0.1\uff0c\u003c=2.3.33",
"Apache Struts2 \u003e=2.5\uff0c\u003c=2.5.10"
]
},
"referenceLink": "https://struts.apache.org/docs/s2-053.html?from=timeline\u0026isappinstalled=0",
"serverity": "\u4e2d",
"submitTime": "2017-09-07",
"title": "Apache Struts2 S2-053\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…