NuytsTech Security

CVE-2012-0838

by ·

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

Date published : 2012-03-02

http://struts.apache.org/2.3.1.2/docs/s2-007.html

https://issues.apache.org/jira/browse/WW-3668

Tags: