CVE-2011-3923
published 2019-11-01CVE-2011-3923: Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | struts | — | — |
| apache | struts | >= 2.0.0 < 2.3.1.2 | 2.3.1.2 |
| redhat | jboss_enterprise_web_server | — | — |