cvelistv5 - cve-2011-3923

CVE-2011-3923 (GCVE-0-2011-3923)

Vulnerability from cvelistv5 – Published: 2019-11-01 13:57 – Updated: 2024-08-06 23:53

Summary

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

Severity ?

No CVSS data available.

CWE

Other

Assigner

Chrome

References

URL

Tags

	http://www.exploit-db.com/exploits/24874	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/51628	vdb-entryx_refsource_BID
	https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2014/Jul/38	x_refsource_MISC
	http://www.securitytracker.com/id?1026575	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	Apache	Struts	Affected: 2.3.1.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24874",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/24874"
          },
          {
            "name": "51628",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51628"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-3923"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Jul/38"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026575"
          },
          {
            "name": "72585",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Struts",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.1.2"
            }
          ]
        }
      ],
      "datePublic": "2012-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-01T13:57:37",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "24874",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/24874"
        },
        {
          "name": "51628",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51628"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2011-3923"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Jul/38"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securitytracker.com/id?1026575"
        },
        {
          "name": "72585",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2011-3923",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Struts",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24874",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/24874"
            },
            {
              "name": "51628",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/51628"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2011-3923",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-3923"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2014/Jul/38",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2014/Jul/38"
            },
            {
              "name": "http://www.securitytracker.com/id?1026575",
              "refsource": "MISC",
              "url": "http://www.securitytracker.com/id?1026575"
            },
            {
              "name": "72585",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2011-3923",
    "datePublished": "2019-11-01T13:57:37",
    "dateReserved": "2011-10-01T00:00:00",
    "dateUpdated": "2024-08-06T23:53:32.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndExcluding\": \"2.3.1.2\", \"matchCriteriaId\": \"2F69A799-B8E9-434A-B0E9-2BF17E857140\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14259BF1-3601-4BF1-A591-FC4DE1639C57\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.\"}, {\"lang\": \"es\", \"value\": \"Apache Struts versiones anteriores a 2.3.1.2, permite a atacantes remotos omitir las protecciones de seguridad en la clase ParameterInterceptor y ejecutar comandos arbitrarios.\"}]",
      "id": "CVE-2011-3923",
      "lastModified": "2024-11-21T01:31:32.780",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-11-01T14:15:10.877",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2014/Jul/38\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.exploit-db.com/exploits/24874\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/bid/51628\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securitytracker.com/id?1026575\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/72585\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2011-3923\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Jul/38\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/24874\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/51628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1026575\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/72585\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2011-3923\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-3923\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2019-11-01T14:15:10.877\",\"lastModified\":\"2024-11-21T01:31:32.780\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.\"},{\"lang\":\"es\",\"value\":\"Apache Struts versiones anteriores a 2.3.1.2, permite a atacantes remotos omitir las protecciones de seguridad en la clase ParameterInterceptor y ejecutar comandos arbitrarios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.3.1.2\",\"matchCriteriaId\":\"2F69A799-B8E9-434A-B0E9-2BF17E857140\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14259BF1-3601-4BF1-A591-FC4DE1639C57\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2014/Jul/38\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.exploit-db.com/exploits/24874\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/51628\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securitytracker.com/id?1026575\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/72585\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2011-3923\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Jul/38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/24874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/51628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1026575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/72585\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2011-3923\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-J68F-8H6P-9H5Q

Vulnerability from github – Published: 2022-04-22 00:24 – Updated: 2023-08-16 21:41

Summary

Struts ParameterInterceptor vulnerability allows remote command execution

Details

Regular expression in ParametersInterceptor matches top['foo'](0) as a valid expression, which OGNL treats as (top['foo'])(0) and evaluates the value of 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and have it evaluated as an OGNL expression and since OGNL statement is in HTTP parameter value attacker can use blacklisted characters (e.g. #) to disable method execution and execute arbitrary methods, bypassing the ParametersInterceptor and OGNL library protections.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.3.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-3923"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-03T23:46:44Z",
    "nvd_published_at": "2019-11-01T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Regular expression in ParametersInterceptor matches `top[\u0027foo\u0027](0)` as a valid expression, which OGNL treats as `(top[\u0027foo\u0027])(0)` and evaluates the value of \u0027foo\u0027 action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and have it evaluated as an OGNL expression and since OGNL statement is in HTTP parameter value attacker can use blacklisted characters (e.g. #) to disable method execution and execute arbitrary methods, bypassing the ParametersInterceptor and OGNL library protections.",
  "id": "GHSA-j68f-8h6p-9h5q",
  "modified": "2023-08-16T21:41:30Z",
  "published": "2022-04-22T00:24:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3923"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-3923"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38"
    },
    {
      "type": "WEB",
      "url": "http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html"
    },
    {
      "type": "WEB",
      "url": "http://struts.apache.org/development/2.x/docs/s2-009.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Struts ParameterInterceptor vulnerability allows remote command execution"
}

CERTA-2012-AVI-029

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Apache Struts, qui permet l'exécution de code arbitraire à distance.

Description

Une vulnérabilité dans l'évaluation des paramètres d'entrée a été corrigée dans Apache Struts. Un attaquant, en envoyant une requête spécialement conçue (dont le modèle très simple est disponible sur l'Internet), peut exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apache Struts versions 2.0.0 à 2.3.1.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apache Struts S2-009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApache Struts versions 2.0.0 \u00e0 2.3.1.1.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans l\u0027\u00e9valuation des param\u00e8tres d\u0027entr\u00e9e a \u00e9t\u00e9\ncorrig\u00e9e dans Apache Struts. Un attaquant, en envoyant une requ\u00eate\nsp\u00e9cialement con\u00e7ue (dont le mod\u00e8le tr\u00e8s simple est disponible sur\nl\u0027Internet), peut ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3923"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-029",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Apache Struts, qui permet\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apache Struts",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apache Struts S2-009",
      "url": "http://struts.apache.org/2.x/docs/s2-009.html"
    }
  ]
}

CERTA-2012-AVI-029

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Apache Struts, qui permet l'exécution de code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apache Struts versions 2.0.0 à 2.3.1.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apache Struts S2-009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApache Struts versions 2.0.0 \u00e0 2.3.1.1.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans l\u0027\u00e9valuation des param\u00e8tres d\u0027entr\u00e9e a \u00e9t\u00e9\ncorrig\u00e9e dans Apache Struts. Un attaquant, en envoyant une requ\u00eate\nsp\u00e9cialement con\u00e7ue (dont le mod\u00e8le tr\u00e8s simple est disponible sur\nl\u0027Internet), peut ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3923"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-029",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Apache Struts, qui permet\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apache Struts",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apache Struts S2-009",
      "url": "http://struts.apache.org/2.x/docs/s2-009.html"
    }
  ]
}

FKIE_CVE-2011-3923

Vulnerability from fkie_nvd - Published: 2019-11-01 14:15 - Updated: 2024-11-21 01:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

References

	URL	Tags
	chrome-cve-admin@google.com	http://seclists.org/fulldisclosure/2014/Jul/38
	chrome-cve-admin@google.com	http://www.exploit-db.com/exploits/24874
	chrome-cve-admin@google.com	http://www.securityfocus.com/bid/51628
	chrome-cve-admin@google.com	http://www.securitytracker.com/id?1026575
	chrome-cve-admin@google.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923
	chrome-cve-admin@google.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/72585
	chrome-cve-admin@google.com	https://security-tracker.debian.org/tracker/CVE-2011-3923
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Jul/38
	af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/24874
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51628
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026575
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/72585
	af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2011-3923

Impacted products

	Vendor	Product	Version
	apache	struts	*
	redhat	jboss_enterprise_web_server	1.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F69A799-B8E9-434A-B0E9-2BF17E857140",
              "versionEndExcluding": "2.3.1.2",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14259BF1-3601-4BF1-A591-FC4DE1639C57",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands."
    },
    {
      "lang": "es",
      "value": "Apache Struts versiones anteriores a 2.3.1.2, permite a atacantes remotos omitir las protecciones de seguridad en la clase ParameterInterceptor y ejecutar comandos arbitrarios."
    }
  ],
  "id": "CVE-2011-3923",
  "lastModified": "2024-11-21T01:31:32.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-01T14:15:10.877",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://seclists.org/fulldisclosure/2014/Jul/38"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.exploit-db.com/exploits/24874"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.securityfocus.com/bid/51628"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.securitytracker.com/id?1026575"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-3923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Jul/38"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/24874"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-3923"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-3923

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

Aliases

CVE-2011-3923

Aliases

CVE-2011-3923

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3923",
    "description": "Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.",
    "id": "GSD-2011-3923",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-3923.html",
      "https://packetstormsecurity.com/files/cve/CVE-2011-3923"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3923"
      ],
      "details": "Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.",
      "id": "GSD-2011-3923",
      "modified": "2023-12-13T01:19:09.141269Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@google.com",
        "ID": "CVE-2011-3923",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Struts",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.3.1.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Other"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "24874",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/24874"
          },
          {
            "name": "51628",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/51628"
          },
          {
            "name": "https://security-tracker.debian.org/tracker/CVE-2011-3923",
            "refsource": "MISC",
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-3923"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2014/Jul/38",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2014/Jul/38"
          },
          {
            "name": "http://www.securitytracker.com/id?1026575",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1026575"
          },
          {
            "name": "72585",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2-alpha0,2.3.1.1]",
          "affected_versions": "All versions starting from 2-alpha0 up to 2.3.1.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-732",
            "CWE-937"
          ],
          "date": "2019-12-02",
          "description": "OGNL provides, among other features, extensive expression evaluation capabilities. The vulnerability allows a malicious user to bypass all the protections (regex pattern, deny method invocation) built into the `ParametersInterceptor`, thus being able to inject a malicious expression in any exposed string variable for further evaluation.",
          "fixed_versions": [
            "2.3.1.2"
          ],
          "identifier": "CVE-2011-3923",
          "identifiers": [
            "CVE-2011-3923"
          ],
          "not_impacted": "All versions before 2-alpha0, all versions after 2.3.1.1",
          "package_slug": "maven/org.apache.struts/struts2-core",
          "pubdate": "2019-11-01",
          "solution": "Upgrade to version 2.3.1.2 or above.",
          "title": "Remote code execution via OGNL injention in HTTP parameter values",
          "urls": [
            "http://struts.apache.org/docs/s2-009.html"
          ],
          "uuid": "0cc887c0-836a-47ae-a5d7-389a6962c45a"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.1.2",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2011-3923"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-732"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2014/Jul/38",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Jul/38"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2011-3923",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-3923"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923"
            },
            {
              "name": "72585",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585"
            },
            {
              "name": "24874",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.exploit-db.com/exploits/24874"
            },
            {
              "name": "51628",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/51628"
            },
            {
              "name": "http://www.securitytracker.com/id?1026575",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id?1026575"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-12-02T18:39Z",
      "publishedDate": "2019-11-01T14:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-3923 (GCVE-0-2011-3923)

GHSA-J68F-8H6P-9H5Q

CERTA-2012-AVI-029

Description

Solution

CERTA-2012-AVI-029

Description

Solution

FKIE_CVE-2011-3923

GSD-2011-3923

Tags

Sightings

Nomenclature