CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

Date published : 2017-09-20

http://www.securityfocus.com/bid/100829

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt