CVE-2012-0394

** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-01-08 15:55

Updated : 2024-08-06 19:15


NVD link : CVE-2012-0394

Mitre link : CVE-2012-0394

CVE.ORG link : CVE-2012-0394


JSON object : View

Products Affected

apache

  • struts
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')