CVE-2012-0394
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
EPSS 93.6%
Description
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
How to fix CVE-2012-0394
To remediate CVE-2012-0394, upgrade the affected package to a fixed version below.
- Maven/org.apache.struts.xwork:xwork-core—upgrade to 2.3.18 or later
Is CVE-2012-0394 being exploited?
Likely — EPSS is 93.6%, placing CVE-2012-0394 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- from 0, < 2.3.18