cbcvebase.
CVE-2007-4556
published 2007-08-28

CVE-2007-4556: Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an…

PriorityP343medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
25.75%
97.7th percentile
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.

Affected

2 ranges
VendorProductVersion rangeFixed in
opensymphonyxwork< 1.2.31.2.3
opensymphonyxwork2.0.0 – 2.0.4
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.