What is CVE-2010-1870?

CVE-2010-1870 is a vulnerability in Apache Struts. Published 2010-08-17.

Is CVE-2010-1870 known to be exploited?

19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Struts

CVE-2010-1870

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-…

EPSS: 0.925 (99.8th percentile) — read the EPSS interpretation.

Affected products

Apache Struts — versions 2.0.11.2, 2.0.1, 2.0.13
N/a — versions n/a

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
14360 (Exploit, exploit, x_refsource_EXPLOIT-DB)
41592 (vdb-entry, x_refsource_BID)
66280 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_CONFIRM)
59110 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
20100713 CVE-2010-1870: Struts2 remote commands execution (mailing-list, x_refsource_FULLDISC)
8345 (x_refsource_SREASON, third-party-advisory)

Frequently asked questions

What is CVE-2010-1870?: CVE-2010-1870 is a vulnerability in Apache Struts. Published 2010-08-17.
Is CVE-2010-1870 known to be exploited?: 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.