cvelistv5 - cve-2017-12611

cve-2017-12611

Vulnerability from cvelistv5

Published

2017-09-20 17:00

Modified

2024-09-17 01:30

Severity ?

Summary

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

References

URL	Tags
security@apache.org	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt	Mitigation, Third Party Advisory
security@apache.org	http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html	Patch, Third Party Advisory
security@apache.org	http://www.securityfocus.com/bid/100829	Third Party Advisory, VDB Entry
security@apache.org	https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001	Patch, Third Party Advisory
security@apache.org	https://struts.apache.org/docs/s2-053.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100829	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://struts.apache.org/docs/s2-053.html	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Struts	Version: 2.0.0 - 2.3.33 Version: 2.5 - 2.5.10.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T18:43:56.172Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://struts.apache.org/docs/s2-053.html",
               },
               {
                  name: "100829",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/100829",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Struts",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "2.0.0 - 2.3.33",
                  },
                  {
                     status: "affected",
                     version: "2.5 - 2.5.10.1",
                  },
               ],
            },
         ],
         datePublic: "2017-09-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-12T20:45:53",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://struts.apache.org/docs/s2-053.html",
            },
            {
               name: "100829",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/100829",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-09-07T00:00:00",
               ID: "CVE-2017-12611",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Struts",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "2.0.0 - 2.3.33",
                                       },
                                       {
                                          version_value: "2.5 - 2.5.10.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
                  },
                  {
                     name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
                     refsource: "CONFIRM",
                     url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
                  },
                  {
                     name: "https://struts.apache.org/docs/s2-053.html",
                     refsource: "CONFIRM",
                     url: "https://struts.apache.org/docs/s2-053.html",
                  },
                  {
                     name: "100829",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/100829",
                  },
                  {
                     name: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
                     refsource: "CONFIRM",
                     url: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-12611",
      datePublished: "2017-09-20T17:00:00Z",
      dateReserved: "2017-08-07T00:00:00",
      dateUpdated: "2024-09-17T01:30:41.845Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE3A90B7-C632-4D3E-9A4F-21E46D273B42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"386538BE-F258-4870-8E11-750ADA228026\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4CF15B9-3714-4206-9971-1F7D59E20483\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFA32D87-65C7-4589-86B7-500BE3203CFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C3FB11-4E24-4067-A3A9-021F849DAAE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"661F1610-9FCD-4FC1-BCA1-69C58E0A1389\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9C89E22-B106-4EAB-90A1-0EA86C165737\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E1BABB2-780E-47E0-87A9-A164906C8421\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC32348E-7EF4-411C-9A44-CD041ABFA0E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94BD452B-AE41-4F7A-9DB9-4B1039582537\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACFDC53B-7B8E-4333-BC87-E01024EC9C21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F0818E7-B617-4C30-BFAC-9FE2F375F8BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50F4A58E-F3D4-4711-A37E-EA538B112371\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFFCC96F-FD87-4495-B8A5-19D7898D5662\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEA0424E-84B4-41BD-8E6C-93E2A77DD6CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEC53AE5-3640-4FE1-B0B1-EA26C5B9EB9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"662A2E4B-A76A-4498-98A6-F90DF65C62B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E720B3A-4CFB-47FE-B80C-67C59D4C7FD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA687B56-A09B-4741-84F1-2BD9569A3F76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BC0E358-8B4D-480B-BFAE-966CB697310A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B7E8E1C-C667-4AED-86A5-2BD0C62AAD76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88B3348C-1086-4A16-97E3-52DB65FF860A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C65711D-9C5B-4644-A12D-82243CB6FB1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC1FA9A7-2C8E-4651-9400-190198528642\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA9093C0-AE6A-4285-B159-8FDBF37E33D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"267A1C33-1C95-41DA-8A01-6F20C7BE1772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E4590B9-6A44-4DC6-B7DF-5E6CAAA9D25A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30860683-D403-4D24-B356-FD306AEFCA46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E3316DA-9E34-4955-91CA-E35B141A7007\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D152B29-FAD5-4DEA-B187-278EBD37FEB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AC68463-F500-471C-8600-8F8FD9743B12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A92AAE08-4811-465A-8178-25F5F349B8BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B487975D-6394-4136-B45C-C1F209465B24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDC41957-8CCA-46A6-BD31-4039EEF3C457\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84408BC6-E785-4874-9409-AC02AF0A7897\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79E08D3E-9F86-4E9D-B1BF-EBEA8AB3BEE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"443B4E64-2A36-49C6-B09D-77B3BDF69709\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2481505C-4FD1-4195-9E10-9DD741498FB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"910DCB81-63A8-4BBB-8897-A98A0F2AEEB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F75F4616-4B4B-4CAB-968B-502179152D2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3D12A0A-1DC5-47C7-9FF6-E8103C75FE76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28ED63DB-2AAF-4BC9-A844-074EDF63C89A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C86232DA-90C7-43F8-99CC-C1BFB4BA3F9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38A6CEED-6C43-4325-B36C-9F254CCDFDC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41F43088-26AA-4890-A9D6-1B9B48D5F02A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE6820E3-8FDF-4BDF-8B62-E604A91F1280\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D25ED06A-F12C-443E-9B3F-FDDF52FE9D93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44527919-8403-42A8-9CE1-3B4F58630F34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBB91D8A-14B8-4263-B90D-F776535F9B8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB525941-7175-43C1-9F17-814F5F7C72CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F10D559E-04A0-4002-947C-D3902138795B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89203DD8-2C95-4546-9504-83654FFA5DBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB3D5644-CFAC-4FB5-A1FB-387F97876098\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1225A0B0-C3F2-4579-BFE9-F8DB2CF596F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DC883A7-0766-4857-ABC8-9DB4BA713650\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3553904-BF3C-4636-947A-8AA16D4F38A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93CE807-D7C2-4865-ACF8-E366A6478B46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22FF6282-0BCA-46EB-9648-6EE3EDA189F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D1467BC-9BC8-402D-A420-615CF9698648\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12CE716B-867F-49CA-BDAF-194714D990C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB6057D5-0787-4026-A202-ACD07C862F8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B3AE8EA-4D25-4151-A210-ECDE802F8A2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79C615AE-4709-47EB-85F8-BD944096428E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39047809-4E6D-4670-B9BA-D8FD910E38EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71823E13-1896-4EE4-A49C-CFFB717FFD80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"291F3624-8AB5-46F2-9BB5-F592DF1C9F88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD053675-DE5E-40A8-B404-4F36AAC82502\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0392E61-6D77-43C3-8009-96BC0F90B8D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C778ADED-75B5-4AD3-8CDC-EFDFFAD5A742\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"067F6249-CC5A-4402-843C-06D5F9F77267\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AFA78DD-B60C-46AD-BCCB-4E15BB16BEDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DA1EABE-5292-44C2-8327-54201A42F204\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F327A6EA-69AF-4EB2-8F17-8011678FAB6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"603FAA0C-0908-4105-BE3A-016B4A298264\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E5068CA-A472-47D2-A89F-A43EA8617874\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63CE1226-E0E6-4DC6-AC89-3FFDE6BD7B77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E17D62B8-349B-4F30-8849-6912828802C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5E91133-D585-43F7-9093-94D735B3167E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD44FD72-ECE7-4E08-AD9E-5CE2C310C2C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4F914BA-CF16-4B03-A6A2-8C9816EC1248\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2C82970-62C9-4513-A66D-6BDA4048C27F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1A43CA5-46DE-4513-A309-BE3A60CD5489\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D83D2FA-8931-45F8-82D6-DE270A2BA55C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D284BF2-101C-490C-85CB-69D156D1FF77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BAD7A75-378F-4A0F-A10F-E4F7AF60F285\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56E43496-097F-4560-BFB1-BDDA4659F197\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96C720D6-312B-477C-A993-BEE39A7ADB4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03367A87-9011-45F4-B534-DEA26F8D4567\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF635DCE-D495-4166-9E25-1E48DDDF9AAC\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.\"}, {\"lang\": \"es\", \"value\": \"En Apache Struts versiones 2.0.0 hasta 2.3.33 y versiones 2.5 hasta 2.5.10.1, el uso de una expresi\\u00f3n no intencional en una etiqueta Freemarker en lugar de literales de cadena podr\\u00eda conllevar a un ataque de tipo RCE.\"}]",
         id: "CVE-2017-12611",
         lastModified: "2024-11-21T03:09:53.440",
         metrics: "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2017-09-20T17:29:00.400",
         references: "[{\"url\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt\", \"source\": \"security@apache.org\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/100829\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://struts.apache.org/docs/s2-053.html\", \"source\": \"security@apache.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/100829\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://struts.apache.org/docs/s2-053.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]",
         sourceIdentifier: "security@apache.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2017-12611\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-09-20T17:29:00.400\",\"lastModified\":\"2024-11-21T03:09:53.440\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.\"},{\"lang\":\"es\",\"value\":\"En Apache Struts versiones 2.0.0 hasta 2.3.33 y versiones 2.5 hasta 2.5.10.1, el uso de una expresión no intencional en una etiqueta Freemarker en lugar de literales de cadena podría conllevar a un ataque de tipo RCE.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE3A90B7-C632-4D3E-9A4F-21E46D273B42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"386538BE-F258-4870-8E11-750ADA228026\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4CF15B9-3714-4206-9971-1F7D59E20483\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFA32D87-65C7-4589-86B7-500BE3203CFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C3FB11-4E24-4067-A3A9-021F849DAAE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"661F1610-9FCD-4FC1-BCA1-69C58E0A1389\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9C89E22-B106-4EAB-90A1-0EA86C165737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E1BABB2-780E-47E0-87A9-A164906C8421\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC32348E-7EF4-411C-9A44-CD041ABFA0E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94BD452B-AE41-4F7A-9DB9-4B1039582537\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFDC53B-7B8E-4333-BC87-E01024EC9C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F0818E7-B617-4C30-BFAC-9FE2F375F8BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50F4A58E-F3D4-4711-A37E-EA538B112371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFFCC96F-FD87-4495-B8A5-19D7898D5662\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEA0424E-84B4-41BD-8E6C-93E2A77DD6CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEC53AE5-3640-4FE1-B0B1-EA26C5B9EB9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"662A2E4B-A76A-4498-98A6-F90DF65C62B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E720B3A-4CFB-47FE-B80C-67C59D4C7FD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA687B56-A09B-4741-84F1-2BD9569A3F76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BC0E358-8B4D-480B-BFAE-966CB697310A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B7E8E1C-C667-4AED-86A5-2BD0C62AAD76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88B3348C-1086-4A16-97E3-52DB65FF860A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C65711D-9C5B-4644-A12D-82243CB6FB1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC1FA9A7-2C8E-4651-9400-190198528642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA9093C0-AE6A-4285-B159-8FDBF37E33D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"267A1C33-1C95-41DA-8A01-6F20C7BE1772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E4590B9-6A44-4DC6-B7DF-5E6CAAA9D25A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30860683-D403-4D24-B356-FD306AEFCA46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E3316DA-9E34-4955-91CA-E35B141A7007\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D152B29-FAD5-4DEA-B187-278EBD37FEB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC68463-F500-471C-8600-8F8FD9743B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A92AAE08-4811-465A-8178-25F5F349B8BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B487975D-6394-4136-B45C-C1F209465B24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDC41957-8CCA-46A6-BD31-4039EEF3C457\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84408BC6-E785-4874-9409-AC02AF0A7897\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79E08D3E-9F86-4E9D-B1BF-EBEA8AB3BEE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"443B4E64-2A36-49C6-B09D-77B3BDF69709\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2481505C-4FD1-4195-9E10-9DD741498FB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"910DCB81-63A8-4BBB-8897-A98A0F2AEEB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F75F4616-4B4B-4CAB-968B-502179152D2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3D12A0A-1DC5-47C7-9FF6-E8103C75FE76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28ED63DB-2AAF-4BC9-A844-074EDF63C89A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C86232DA-90C7-43F8-99CC-C1BFB4BA3F9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38A6CEED-6C43-4325-B36C-9F254CCDFDC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41F43088-26AA-4890-A9D6-1B9B48D5F02A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE6820E3-8FDF-4BDF-8B62-E604A91F1280\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D25ED06A-F12C-443E-9B3F-FDDF52FE9D93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44527919-8403-42A8-9CE1-3B4F58630F34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB91D8A-14B8-4263-B90D-F776535F9B8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB525941-7175-43C1-9F17-814F5F7C72CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F10D559E-04A0-4002-947C-D3902138795B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89203DD8-2C95-4546-9504-83654FFA5DBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB3D5644-CFAC-4FB5-A1FB-387F97876098\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1225A0B0-C3F2-4579-BFE9-F8DB2CF596F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DC883A7-0766-4857-ABC8-9DB4BA713650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3553904-BF3C-4636-947A-8AA16D4F38A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93CE807-D7C2-4865-ACF8-E366A6478B46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22FF6282-0BCA-46EB-9648-6EE3EDA189F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D1467BC-9BC8-402D-A420-615CF9698648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12CE716B-867F-49CA-BDAF-194714D990C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB6057D5-0787-4026-A202-ACD07C862F8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B3AE8EA-4D25-4151-A210-ECDE802F8A2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79C615AE-4709-47EB-85F8-BD944096428E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39047809-4E6D-4670-B9BA-D8FD910E38EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71823E13-1896-4EE4-A49C-CFFB717FFD80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"291F3624-8AB5-46F2-9BB5-F592DF1C9F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD053675-DE5E-40A8-B404-4F36AAC82502\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0392E61-6D77-43C3-8009-96BC0F90B8D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C778ADED-75B5-4AD3-8CDC-EFDFFAD5A742\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"067F6249-CC5A-4402-843C-06D5F9F77267\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AFA78DD-B60C-46AD-BCCB-4E15BB16BEDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA1EABE-5292-44C2-8327-54201A42F204\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F327A6EA-69AF-4EB2-8F17-8011678FAB6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"603FAA0C-0908-4105-BE3A-016B4A298264\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E5068CA-A472-47D2-A89F-A43EA8617874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63CE1226-E0E6-4DC6-AC89-3FFDE6BD7B77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E17D62B8-349B-4F30-8849-6912828802C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5E91133-D585-43F7-9093-94D735B3167E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD44FD72-ECE7-4E08-AD9E-5CE2C310C2C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4F914BA-CF16-4B03-A6A2-8C9816EC1248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2C82970-62C9-4513-A66D-6BDA4048C27F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1A43CA5-46DE-4513-A309-BE3A60CD5489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D83D2FA-8931-45F8-82D6-DE270A2BA55C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D284BF2-101C-490C-85CB-69D156D1FF77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BAD7A75-378F-4A0F-A10F-E4F7AF60F285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56E43496-097F-4560-BFB1-BDDA4659F197\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96C720D6-312B-477C-A993-BEE39A7ADB4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03367A87-9011-45F4-B534-DEA26F8D4567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF635DCE-D495-4166-9E25-1E48DDDF9AAC\"}]}]}],\"references\":[{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt\",\"source\":\"security@apache.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100829\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://struts.apache.org/docs/s2-053.html\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100829\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://struts.apache.org/docs/s2-053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
   },
}

gsd-2017-12611

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

Aliases

CVE-2017-12611

Aliases

CVE-2017-12611

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2017-12611",
      description: "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
      id: "GSD-2017-12611",
      references: [
         "https://www.suse.com/security/cve/CVE-2017-12611.html",
      ],
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2017-12611",
         ],
         details: "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
         id: "GSD-2017-12611",
         modified: "2023-12-13T01:21:03.795263Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "security@apache.org",
            DATE_PUBLIC: "2017-09-07T00:00:00",
            ID: "CVE-2017-12611",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "Apache Struts",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "2.0.0 - 2.3.33",
                                    },
                                    {
                                       version_value: "2.5 - 2.5.10.1",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Apache Software Foundation",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
                  refsource: "CONFIRM",
                  url: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
               },
               {
                  name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
                  refsource: "CONFIRM",
                  url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
               },
               {
                  name: "https://struts.apache.org/docs/s2-053.html",
                  refsource: "CONFIRM",
                  url: "https://struts.apache.org/docs/s2-053.html",
               },
               {
                  name: "100829",
                  refsource: "BID",
                  url: "http://www.securityfocus.com/bid/100829",
               },
               {
                  name: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
                  refsource: "CONFIRM",
                  url: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
               },
            ],
         },
      },
      "gitlab.com": {
         advisories: [
            {
               affected_range: "[2.0.1,2.0.11.2],[2.0.12,2.0.14],[2.1.0,2.1.6],[2.1.8,2.1.8.1], [2.2.1,2.2.1.1],[2.2.3,2.2.3.1],[2.3.1,2.3.1.2],[2.3.3,2.3.4.1],[2.3.5,2.3.14.3], [2.3.15,2.3.15.3],[2.3.16,2.3.16.3],[2.3.17],[2.3.19,2.3.20.2],[2.3.21,2.3.23], [2.3.24.2,2.3.24.3],[2.3.25,2.3.28.1],[2.3.29,2.3.33],[2.5,2.5.10]",
               affected_versions: "All versions starting from 2.0.1 up to 2.0.11.2, all versions starting from 2.0.12 up to 2.0.14, all versions starting from 2.1.0 up to 2.1.6, all versions starting from 2.1.8 up to 2.1.8.1, all versions starting from 2.2.1 up to 2.2.1.1, all versions starting from 2.2.3 up to 2.2.3.1, all versions starting from 2.3.1 up to 2.3.1.2, all versions starting from 2.3.3 up to 2.3.4.1, all versions starting from 2.3.5 up to 2.3.14.3, all versions starting from 2.3.15 up to 2.3.15.3, all versions starting from 2.3.16 up to 2.3.16.3, version 2.3.17, all versions starting from 2.3.19 up to 2.3.20.2, all versions starting from 2.3.21 up to 2.3.23, all versions starting from 2.3.24.2 up to 2.3.24.3, all versions starting from 2.3.25 up to 2.3.28.1, all versions starting from 2.3.29 up to 2.3.33, all versions starting from 2.5 up to 2.5.10",
               cvss_v2: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               cvss_v3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-20",
                  "CWE-937",
               ],
               date: "2019-08-12",
               description: "Using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
               fixed_versions: [
                  "2.3.34",
                  "2.5.12",
               ],
               identifier: "CVE-2017-12611",
               identifiers: [
                  "CVE-2017-12611",
               ],
               not_impacted: "All versions before 2.0.1, all versions after 2.0.11.2 before 2.0.12, all versions after 2.0.14 before 2.1.0, all versions after 2.1.6 before 2.1.8, all versions after 2.1.8.1 before 2.2.1, all versions after 2.2.1.1 before 2.2.3, all versions after 2.2.3.1 before 2.3.1, all versions after 2.3.1.2 before 2.3.3, all versions after 2.3.4.1 before 2.3.5, all versions after 2.3.14.3 before 2.3.15, all versions after 2.3.15.3 before 2.3.16, all versions after 2.3.16.3 before 2.3.17, all versions after 2.3.17 before 2.3.19, all versions after 2.3.20.2 before 2.3.21, all versions after 2.3.23 before 2.3.24.2, all versions after 2.3.24.3 before 2.3.25, all versions after 2.3.28.1 before 2.3.29, all versions after 2.3.33 before 2.5, all versions after 2.5.10",
               package_slug: "maven/org.apache.struts/struts2-core",
               pubdate: "2017-09-20",
               solution: "Upgrade to versions 2.3.24, 2.5.12 or above.",
               title: "Improper Input Validation",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2017-12611",
                  "http://www.securityfocus.com/bid/100829",
                  "https://struts.apache.org/docs/s2-053.html",
               ],
               uuid: "76abfbfd-9e0c-44fc-a8da-11f352a7be04",
            },
         ],
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               ID: "CVE-2017-12611",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-20",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://struts.apache.org/docs/s2-053.html",
                     refsource: "CONFIRM",
                     tags: [
                        "Exploit",
                        "Vendor Advisory",
                     ],
                     url: "https://struts.apache.org/docs/s2-053.html",
                  },
                  {
                     name: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
                     refsource: "CONFIRM",
                     tags: [
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
                  },
                  {
                     name: "100829",
                     refsource: "BID",
                     tags: [
                        "Third Party Advisory",
                        "VDB Entry",
                     ],
                     url: "http://www.securityfocus.com/bid/100829",
                  },
                  {
                     name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
                     refsource: "CONFIRM",
                     tags: [
                        "Mitigation",
                        "Third Party Advisory",
                     ],
                     url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
                     refsource: "CONFIRM",
                     tags: [
                        "Patch",
                        "Third Party Advisory",
                     ],
                     url: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               exploitabilityScore: 10,
               impactScore: 6.4,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "HIGH",
               userInteractionRequired: false,
            },
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               exploitabilityScore: 3.9,
               impactScore: 5.9,
            },
         },
         lastModifiedDate: "2019-08-12T21:15Z",
         publishedDate: "2017-09-20T17:29Z",
      },
   },
}

ghsa-8fx9-5hx8-crhm

Vulnerability from github

Published

2018-10-16 19:35

Modified

2024-01-04 21:54

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal

Details

In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

Show details on source website

JSON

To clipboard

{
   affected: [
      {
         database_specific: {
            last_known_affected_version_range: "<= 2.3.33",
         },
         package: {
            ecosystem: "Maven",
            name: "org.apache.struts:struts2-core",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.0.1",
                  },
                  {
                     fixed: "2.3.34",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         database_specific: {
            last_known_affected_version_range: "<= 2.5.10.1",
         },
         package: {
            ecosystem: "Maven",
            name: "org.apache.struts:struts2-core",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.5.0",
                  },
                  {
                     fixed: "2.5.11",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
   ],
   aliases: [
      "CVE-2017-12611",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-20",
      ],
      github_reviewed: true,
      github_reviewed_at: "2020-06-16T21:25:30Z",
      nvd_published_at: null,
      severity: "CRITICAL",
   },
   details: "In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
   id: "GHSA-8fx9-5hx8-crhm",
   modified: "2024-01-04T21:54:05Z",
   published: "2018-10-16T19:35:40Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2017-12611",
      },
      {
         type: "WEB",
         url: "https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa",
      },
      {
         type: "WEB",
         url: "https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f",
      },
      {
         type: "PACKAGE",
         url: "https://github.com/apache/struts",
      },
      {
         type: "WEB",
         url: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
      },
      {
         type: "WEB",
         url: "https://struts.apache.org/docs/s2-053.html",
      },
      {
         type: "WEB",
         url: "https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829",
      },
      {
         type: "WEB",
         url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
      },
      {
         type: "WEB",
         url: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
         type: "CVSS_V3",
      },
   ],
   summary: "Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal",
}

fkie_cve-2017-12611

Vulnerability from fkie_nvd

Published

2017-09-20 17:29

Modified

2024-11-21 03:09

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

References

URL	Tags
security@apache.org	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt	Mitigation, Third Party Advisory
security@apache.org	http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html	Patch, Third Party Advisory
security@apache.org	http://www.securityfocus.com/bid/100829	Third Party Advisory, VDB Entry
security@apache.org	https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001	Patch, Third Party Advisory
security@apache.org	https://struts.apache.org/docs/s2-053.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100829	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://struts.apache.org/docs/s2-053.html	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
apache	struts	2.0.1
apache	struts	2.0.2
apache	struts	2.0.3
apache	struts	2.0.4
apache	struts	2.0.5
apache	struts	2.0.6
apache	struts	2.0.7
apache	struts	2.0.8
apache	struts	2.0.9
apache	struts	2.0.10
apache	struts	2.0.11
apache	struts	2.0.11.1
apache	struts	2.0.11.2
apache	struts	2.0.12
apache	struts	2.0.13
apache	struts	2.0.14
apache	struts	2.1.0
apache	struts	2.1.1
apache	struts	2.1.2
apache	struts	2.1.3
apache	struts	2.1.4
apache	struts	2.1.5
apache	struts	2.1.6
apache	struts	2.1.8
apache	struts	2.1.8.1
apache	struts	2.2.1
apache	struts	2.2.1.1
apache	struts	2.2.3
apache	struts	2.2.3.1
apache	struts	2.3.1
apache	struts	2.3.1.1
apache	struts	2.3.1.2
apache	struts	2.3.3
apache	struts	2.3.4
apache	struts	2.3.4.1
apache	struts	2.3.5
apache	struts	2.3.6
apache	struts	2.3.7
apache	struts	2.3.8
apache	struts	2.3.9
apache	struts	2.3.10
apache	struts	2.3.11
apache	struts	2.3.12
apache	struts	2.3.13
apache	struts	2.3.14
apache	struts	2.3.14.1
apache	struts	2.3.14.2
apache	struts	2.3.14.3
apache	struts	2.3.15
apache	struts	2.3.15.1
apache	struts	2.3.15.2
apache	struts	2.3.15.3
apache	struts	2.3.16
apache	struts	2.3.16.1
apache	struts	2.3.16.2
apache	struts	2.3.16.3
apache	struts	2.3.17
apache	struts	2.3.19
apache	struts	2.3.20
apache	struts	2.3.20.1
apache	struts	2.3.20.2
apache	struts	2.3.21
apache	struts	2.3.22
apache	struts	2.3.23
apache	struts	2.3.24.2
apache	struts	2.3.24.3
apache	struts	2.3.25
apache	struts	2.3.26
apache	struts	2.3.27
apache	struts	2.3.28
apache	struts	2.3.28.1
apache	struts	2.3.29
apache	struts	2.3.30
apache	struts	2.3.31
apache	struts	2.3.32
apache	struts	2.3.33
apache	struts	2.5
apache	struts	2.5
apache	struts	2.5
apache	struts	2.5
apache	struts	2.5.1
apache	struts	2.5.2
apache	struts	2.5.3
apache	struts	2.5.4
apache	struts	2.5.5
apache	struts	2.5.6
apache	struts	2.5.7
apache	struts	2.5.8
apache	struts	2.5.9
apache	struts	2.5.10

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE3A90B7-C632-4D3E-9A4F-21E46D273B42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "386538BE-F258-4870-8E11-750ADA228026",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4CF15B9-3714-4206-9971-1F7D59E20483",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFA32D87-65C7-4589-86B7-500BE3203CFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "98C3FB11-4E24-4067-A3A9-021F849DAAE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "661F1610-9FCD-4FC1-BCA1-69C58E0A1389",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9C89E22-B106-4EAB-90A1-0EA86C165737",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E1BABB2-780E-47E0-87A9-A164906C8421",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC32348E-7EF4-411C-9A44-CD041ABFA0E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "94BD452B-AE41-4F7A-9DB9-4B1039582537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACFDC53B-7B8E-4333-BC87-E01024EC9C21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0818E7-B617-4C30-BFAC-9FE2F375F8BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "50F4A58E-F3D4-4711-A37E-EA538B112371",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFFCC96F-FD87-4495-B8A5-19D7898D5662",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEA0424E-84B4-41BD-8E6C-93E2A77DD6CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEC53AE5-3640-4FE1-B0B1-EA26C5B9EB9B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "662A2E4B-A76A-4498-98A6-F90DF65C62B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E720B3A-4CFB-47FE-B80C-67C59D4C7FD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA687B56-A09B-4741-84F1-2BD9569A3F76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BC0E358-8B4D-480B-BFAE-966CB697310A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E8E1C-C667-4AED-86A5-2BD0C62AAD76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "88B3348C-1086-4A16-97E3-52DB65FF860A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C65711D-9C5B-4644-A12D-82243CB6FB1E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC1FA9A7-2C8E-4651-9400-190198528642",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA9093C0-AE6A-4285-B159-8FDBF37E33D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "267A1C33-1C95-41DA-8A01-6F20C7BE1772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E4590B9-6A44-4DC6-B7DF-5E6CAAA9D25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "30860683-D403-4D24-B356-FD306AEFCA46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E3316DA-9E34-4955-91CA-E35B141A7007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D152B29-FAD5-4DEA-B187-278EBD37FEB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC68463-F500-471C-8600-8F8FD9743B12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A92AAE08-4811-465A-8178-25F5F349B8BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B487975D-6394-4136-B45C-C1F209465B24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDC41957-8CCA-46A6-BD31-4039EEF3C457",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "84408BC6-E785-4874-9409-AC02AF0A7897",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "79E08D3E-9F86-4E9D-B1BF-EBEA8AB3BEE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "443B4E64-2A36-49C6-B09D-77B3BDF69709",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "2481505C-4FD1-4195-9E10-9DD741498FB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "910DCB81-63A8-4BBB-8897-A98A0F2AEEB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "F75F4616-4B4B-4CAB-968B-502179152D2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3D12A0A-1DC5-47C7-9FF6-E8103C75FE76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "28ED63DB-2AAF-4BC9-A844-074EDF63C89A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "C86232DA-90C7-43F8-99CC-C1BFB4BA3F9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "38A6CEED-6C43-4325-B36C-9F254CCDFDC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "41F43088-26AA-4890-A9D6-1B9B48D5F02A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE6820E3-8FDF-4BDF-8B62-E604A91F1280",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D25ED06A-F12C-443E-9B3F-FDDF52FE9D93",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "44527919-8403-42A8-9CE1-3B4F58630F34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB91D8A-14B8-4263-B90D-F776535F9B8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB525941-7175-43C1-9F17-814F5F7C72CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F10D559E-04A0-4002-947C-D3902138795B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "89203DD8-2C95-4546-9504-83654FFA5DBC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB3D5644-CFAC-4FB5-A1FB-387F97876098",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1225A0B0-C3F2-4579-BFE9-F8DB2CF596F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DC883A7-0766-4857-ABC8-9DB4BA713650",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3553904-BF3C-4636-947A-8AA16D4F38A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "E93CE807-D7C2-4865-ACF8-E366A6478B46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "22FF6282-0BCA-46EB-9648-6EE3EDA189F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D1467BC-9BC8-402D-A420-615CF9698648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "12CE716B-867F-49CA-BDAF-194714D990C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB6057D5-0787-4026-A202-ACD07C862F8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B3AE8EA-4D25-4151-A210-ECDE802F8A2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "79C615AE-4709-47EB-85F8-BD944096428E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "39047809-4E6D-4670-B9BA-D8FD910E38EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "71823E13-1896-4EE4-A49C-CFFB717FFD80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "291F3624-8AB5-46F2-9BB5-F592DF1C9F88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD053675-DE5E-40A8-B404-4F36AAC82502",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0392E61-6D77-43C3-8009-96BC0F90B8D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "C778ADED-75B5-4AD3-8CDC-EFDFFAD5A742",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "067F6249-CC5A-4402-843C-06D5F9F77267",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AFA78DD-B60C-46AD-BCCB-4E15BB16BEDC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DA1EABE-5292-44C2-8327-54201A42F204",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "F327A6EA-69AF-4EB2-8F17-8011678FAB6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "603FAA0C-0908-4105-BE3A-016B4A298264",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E5068CA-A472-47D2-A89F-A43EA8617874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "63CE1226-E0E6-4DC6-AC89-3FFDE6BD7B77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "E17D62B8-349B-4F30-8849-6912828802C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*",
                     matchCriteriaId: "D5E91133-D585-43F7-9093-94D735B3167E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*",
                     matchCriteriaId: "DD44FD72-ECE7-4E08-AD9E-5CE2C310C2C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4F914BA-CF16-4B03-A6A2-8C9816EC1248",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C82970-62C9-4513-A66D-6BDA4048C27F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1A43CA5-46DE-4513-A309-BE3A60CD5489",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D83D2FA-8931-45F8-82D6-DE270A2BA55C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D284BF2-101C-490C-85CB-69D156D1FF77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BAD7A75-378F-4A0F-A10F-E4F7AF60F285",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "56E43496-097F-4560-BFB1-BDDA4659F197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "96C720D6-312B-477C-A993-BEE39A7ADB4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "03367A87-9011-45F4-B534-DEA26F8D4567",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF635DCE-D495-4166-9E25-1E48DDDF9AAC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",
      },
      {
         lang: "es",
         value: "En Apache Struts versiones 2.0.0 hasta 2.3.33 y versiones 2.5 hasta 2.5.10.1, el uso de una expresión no intencional en una etiqueta Freemarker en lugar de literales de cadena podría conllevar a un ataque de tipo RCE.",
      },
   ],
   id: "CVE-2017-12611",
   lastModified: "2024-11-21T03:09:53.440",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-09-20T17:29:00.400",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
      },
      {
         source: "security@apache.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100829",
      },
      {
         source: "security@apache.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://struts.apache.org/docs/s2-053.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100829",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://struts.apache.org/docs/s2-053.html",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2017-12611

Vulnerability from cvelistv5

gsd-2017-12611

Vulnerability from gsd

ghsa-8fx9-5hx8-crhm

Vulnerability from github

fkie_cve-2017-12611

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature