What is CVE-2012-0394?

CVE-2012-0394 is a vulnerability in Apache Struts, classified under Code Injection. Published 2012-01-08.

Is CVE-2012-0394 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Apache Struts

CVE-2012-0394

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a securit…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.936 (99.8th percentile) — read the EPSS interpretation.

Affected products

Apache Struts
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_MISC, Release Notes, Vendor Advisory)
cve@mitre.org (x_refsource_MISC, Vendor Advisory)
18329 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 (mailing-list, x_refsource_BUGTRAQ, Broken Link)
31434 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_MISC, Broken Link)
78276 (x_refsource_OSVDB, vdb-entry, Broken Link)

Frequently asked questions

What is CVE-2012-0394?: CVE-2012-0394 is a vulnerability in Apache Struts, classified under Code Injection. Published 2012-01-08.
Is CVE-2012-0394 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.