Vulnerability in Apache Struts
CVE-2011-3923
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
EPSS: 0.911 (99.7th percentile)
Affected products
- Apache Struts — versions 2.3.1.2
References
- 24874 (exploit, x_refsource_EXPLOIT-DB)
- 51628 (vdb-entry, x_refsource_BID)
- security-tracker.debian.org/tracker/CVE-2011-3923 (x_refsource_MISC)
- bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
- seclists.org/fulldisclosure/2014/Jul/38 (x_refsource_MISC)
- www.securitytracker.com/id (x_refsource_MISC)
- 72585 (vdb-entry, x_refsource_XF)
Frequently asked questions
- What is CVE-2011-3923?
  CVE-2011-3923 is a vulnerability in Apache Struts. Published 2019-11-01.
- Is CVE-2011-3923 known to be exploited?
  18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.