Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1870Code Injection in Apache Struts

CWE-94Code Injection10 documents9 sources
Severity
5.0MEDIUMNVD
EPSS
92.5%
top 0.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Struts
Timeline
PublishedAug 17
Latest updateMay 13

Description

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/struts26 versions+25

🔴Vulnerability Details

3
OSV
Server side object manipulation in Apache Struts2022-05-13
GHSA
Server side object manipulation in Apache Struts2022-05-13
CVEList
CVE-2010-1870: The OGNL extensive expression evaluation capability in XWork in Struts 22010-08-17

💥Exploits & PoCs

3
Exploit-DB
Apache Struts < 2.2.0 - Remote Command Execution (Metasploit)2011-08-19
Exploit-DB
Struts2/XWork < 2.2.0 - Remote Command Execution2010-07-14
Nuclei
ListSERV Maestro <= 9.0-8 RCE

📋Vendor Advisories

2
Cisco
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products2014-07-09
Red Hat
Struts2/WebWorks/XWork: ParameterInterceptors bypass allows remote command execution2010-07-25

💬Community

1
Bugzilla
CVE-2010-1870 Apache Struts2/WebWorks/XWork: ParameterInterceptors bypass allows remote command execution2014-07-28
CVE-2010-1870 — Code Injection in Apache Struts | cvebase