Max CVSS 9.3 Min CVSS 6.4 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2012-0392 6.8
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static
05-03-2021 - 15:25 08-01-2012 - 15:55
CVE-2012-0393 6.4
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java objec
28-11-2018 - 17:05 08-01-2012 - 15:55
CVE-2012-0391 9.3
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code v
23-11-2018 - 14:36 08-01-2012 - 15:55
Back to Top Mark selected
Back to Top