CVE-2012-1006
published 2012-02-07

Priority: P335 medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploit: available
EPSS: 58.48% (99.0th percentile)

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.

Affected (2 ranges)

Vendor   Product   Version range   Fixed in
apache   struts
apache   struts

Detection & IOCs (extracted from sources)

url: struts2-showcase/person/editPerson.action
url: /struts2-rest-showcase/orders
url: /struts-examples/upload/upload-submit.do?queryParam=Successful
url: /struts-cookbook/processSimple.do
url: /struts-cookbook/processDyna.do
command: persons%281%29.name=%3Cscript%3Ealert%28%22SecPod-XSS-TEST%22%29%3C%2Fscript%3E&persons%281%29.lastName=%3Cscript%3Ealert%28%22SecPod-XSS-TEST%22%29%3C%2Fscript%3E&method%3Asave=Save+all+persons
command: clientName=%3Cscript%3Ealert%28%22SecPod-XSS-TEST%22%29%3C%2Fscript%3E&amount=
  • Detect POST requests to struts2-showcase/person/editPerson.action with URL-encoded script tags in the 'name' or 'lastName' parameters (persistent/stored XSS vector).
  • Detect POST requests to /struts2-rest-showcase/orders with URL-encoded script tags in the 'clientName' parameter (persistent/stored XSS vector).
  • Detect POST requests to /struts-examples/upload/upload-submit.do?queryParam=Successful with script content in multipart form data (reflected XSS vector).
  • Detect POST requests to /struts-cookbook/processSimple.do or /struts-cookbook/processDyna.do with URL-encoded script tags in the 'message' parameter (reflected XSS vector).
  • Alert on HTTP requests containing the exploit-specific User-Agent strings 'struts2-showcase XSS-TEST', 'struts2-rest-showcase XSS-TEST', 'Struts-examples XSS-TEST', or 'Struts-cookbook XSS-TEST' as indicators of active exploitation attempts from this PoC.
  • The vulnerability is persistent (stored) for Struts 2 showcase endpoints, meaning injected payloads are stored and served to subsequent users — prioritize inspection of stored data retrieval responses, not just POST requests.
  • The vulnerable endpoints are part of the Struts showcase/demo applications (struts2-showcase, struts2-rest-showcase, struts-examples, struts-cookbook), not the core framework itself. These should not be deployed in production environments.
  • No vendor fix was available at the time of advisory release; mitigation relies on not deploying the vulnerable showcase applications.
  • Red Hat products do not actively compile or ship Struts 2, but struts2-core JARs were inadvertently included in source packages for Fuse Service Works 6.0.0 and Single Sign On 7.3.0+. Customers building from source should scan and remove these JARs.
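As an added example (not from this page's sources or the Struts project), a small Python checker that applies the request-based indicators above to constructed access-log lines: it flags POSTs to the listed endpoints whose watched parameters carry a URL-encoded script tag (including double-encoded ones) and requests carrying the PoC User-Agent strings. The tab-separated log format, client addresses and sample payload are assumed, and the multipart upload case for struts-examples is left out.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Endpoints and form parameters named in the detection notes on this page.
WATCHED = {
    "/struts2-showcase/person/editPerson.action": {"name", "lastName"},
    "/struts2-rest-showcase/orders": {"clientName"},
    "/struts-cookbook/processSimple.do": {"message"},
    "/struts-cookbook/processDyna.do": {"message"},
}
POC_AGENTS = ("struts2-showcase XSS-TEST", "struts2-rest-showcase XSS-TEST",
              "Struts-examples XSS-TEST", "Struts-cookbook XSS-TEST")
SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)

def inspect_request(method, path, body, user_agent):
    """Return the CVE-2012-1006 indicators this request matches (empty list if none)."""
    findings = []
    if any(ua.lower() in user_agent.lower() for ua in POC_AGENTS):
        findings.append("poc-user-agent")
    url = urlsplit(path)
    params = WATCHED.get(url.path)
    if params is None or method != "POST":
        return findings
    fields = parse_qs(url.query, keep_blank_values=True)  # parse_qs URL-decodes once
    fields.update(parse_qs(body, keep_blank_values=True))
    for key, values in fields.items():
        base = key.rsplit(".", 1)[-1]  # 'persons(1).name' (indexed form field) -> 'name'
        # unquote_plus again so a double-encoded payload is still caught
        if base in params and any(SCRIPT_RE.search(unquote_plus(v)) for v in values):
            findings.append(f"script-in-{base}")
    return findings

# Constructed sample access-log lines (tab-separated: client, method, path, body, user-agent).
SAMPLE_LOG = [
    "10.0.0.5\tPOST\t/struts2-showcase/person/editPerson.action\t"
    "persons%281%29.name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&persons%281%29.lastName=Doe\tMozilla/5.0",
    "10.0.0.6\tPOST\t/struts2-rest-showcase/orders\tclientName=Acme&amount=10\tstruts2-rest-showcase XSS-TEST",
    "10.0.0.7\tGET\t/struts2-showcase/person/editPerson.action\t\tMozilla/5.0",
]

def scan_log(lines):
    """Map each client that triggered an indicator to its list of reasons."""
    hits = {}
    for line in lines:
        client, method, path, body, user_agent = line.split("\t")
        if reasons := inspect_request(method, path, body, user_agent):
            hits[client] = reasons
    return hits
```

Because the showcase vectors are stored XSS, pair this request-side check with inspection of the pages that later render the stored person or order data.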

CVSS provenance

nvd: v2.0 4.3 MEDIUM AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat: 4.3 MEDIUM