CVE-2012-1592
published 2019-12-05
CVE-2012-1592: A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
Priority: P2 · 72 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 28.55% (97.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | struts | — | — |
| libstruts1.2-java | libstruts1.2-java | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability is triggered by uploading a malformed XSLT file via XSLTResult.java; monitor for unexpected XSLT file uploads to Struts2 applications.
- Attack chain requires two steps: (1) upload of an arbitrary file and (2) the attacker viewing/requesting that file to trigger execution. Monitor for upload followed by immediate retrieval of the same file by an untrusted user.
- Scan host filesystems for struts2 JARs that may indicate a vulnerable deployment, particularly in Fuse Service Works 6.0.0 and Single Sign On 7.3.0+ source builds.
- Exploitation requires that the application makes an uploaded file from an untrusted user immediately available back to an untrusted user without sanitization; applications that properly validate uploads before serving them are not directly exploitable via this path.
- Struts2 is not actively compiled or shipped in Red Hat final products, but struts2-core JARs were included in source packages for Fuse Service Works 6.0.0 and Single Sign On 7.3.0+; customers who built artifacts from those source packages may be at risk.
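The filesystem scan suggested in the list above can be done with a short inventory script. This is an added example, not code from any of the quoted sources. It assumes Maven-style `struts2-core-<version>.jar` file names and takes 2.5.22 (the patched release named in the OSV/GHSA text on this page) as the review threshold; the `classify`, `scan` and `demo` names and the demo files are constructed for illustration.

```python
import os
import re
import tempfile
import zipfile

# 2.5.22 is the patched release named on this page; the file-name pattern
# (struts2-core-<version>.jar) is an assumption about how the JAR was packaged.
FIXED = (2, 5, 22)
JAR_RE = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVES = (".war", ".ear", ".zip")

def classify(name):
    """Return (version, needs_review) for a struts2-core JAR path, else None."""
    m = JAR_RE.search(name.replace(os.sep, "/"))
    if not m:
        return None
    version = tuple(int(p) for p in m.group(1).split("."))
    return m.group(1), version < FIXED

def scan(root):
    """Walk root; report struts2-core JARs on disk and inside WAR/EAR/ZIP files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            hit = classify(fname)
            if hit:
                findings.append((path, *hit))
            elif fname.lower().endswith(ARCHIVES):
                try:
                    with zipfile.ZipFile(path) as zf:
                        for member in zf.namelist():
                            hit = classify(member)
                            if hit:
                                findings.append((f"{path}!{member}", *hit))
                except (zipfile.BadZipFile, OSError):
                    continue  # unreadable archive: skip it, keep scanning
    return sorted(findings)

def demo():
    """Scan a constructed tree of empty placeholder JARs (not real Struts builds)."""
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "struts2-core-2.5.22.jar"), "wb").close()
        with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/struts2-core-2.3.16.jar", b"")
        return [(os.path.relpath(p, root), v, old) for p, v, old in scan(root)]

if __name__ == "__main__":
    for path, version, old in demo():
        print(f"{path}\t{version}\t{'REVIEW' if old else 'ok'}")
```

The affected table on this page lists no version range, so a hit below the threshold is a lead for review rather than proof of a vulnerable deployment; renamed or shaded JARs will not match the file-name pattern.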
CVSS provenance
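| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |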
OSV
Unrestricted Upload of File with Dangerous Type in Apache Struts2
osv·2022-04-23
CVE-2012-1592 [HIGH] Unrestricted Upload of File with Dangerous Type in Apache Struts2
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. A patch exists as of version 2.5.22.
GHSA
Unrestricted Upload of File with Dangerous Type in Apache Struts2
ghsa·2022-04-23
CVE-2012-1592 [HIGH] CWE-434 Unrestricted Upload of File with Dangerous Type in Apache Struts2
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. A patch exists as of version 2.5.22.
No detection rules found.
Exploit-DB
SAP NetWeaver Message Server - Multiple Vulnerabilities
exploitdb·2013-02-17·CVSS 9.8
CVE-2013-1592 [CRITICAL] SAP NetWeaver Message Server - Multiple Vulnerabilities
---
1. *Advisory Information*
Title: SAP Netweaver Message Server Multiple Vulnerabilities
Advisory ID: CORE-2012-1128
Advisory URL:
http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities
Date published: 2013-02-13
Date of last update: 2013-02-13
Vendors contacted: SAP
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Improper Validation of Array Index [CWE-129], Buffer overflow
[CWE-119]
Impact: Code execution, Denial of service
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2013-1592, CVE-2013-1593
3. *Vulnerability Description*
SAP Netweaver [1] is a technology platform for building and integrating
SAP business applications. Multiple vulnerabilities have be
Exploit-DB
Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload
exploitdb·2012-03-23
CVE-2012-1592 Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload
---
source: https://www.securityfocus.com/bid/52702/info
Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.
Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
hacked by kxlzx
http://www.example.com
Bugzilla
CVE-2012-4549 JBoss AS: EJB authorization succeeds for any role when allowed roles list is empty
bugzilla·2012-10-29·CVSS 5.8
CVE-2012-4549 [MEDIUM] CVE-2012-4549 JBoss AS: EJB authorization succeeds for any role when allowed roles list is empty
When there are no allowed roles for an EJB method invocation, the invocation should be denied for all users. The processInvocation() method in org.jboss.as.ejb3.security.AuthorizationInterceptor incorrectly authorizes all method invocations to proceed when the list of allowed roles is empty.
Discussion:
Acknowledgements:
This issue was discovered by Arun Neelicattu of the Red Hat Security Response Team.
---
This issue has been addressed in following products:
JBEAP 6 for RHEL 5
Via RHSA-2012:1591 https://rhn.redhat.com/errata/RHSA-2012-1591.html
---
This issue has been addressed in following products:
JBEAP 6 for RHEL 6
Via RHSA-2012:1592 https://rhn.redhat.com/errata/RHSA-2012-1592
Bugzilla
CVE-2012-1592 struts2: xsltResult local code execution flaw
bugzilla·2012-03-27·CVSS 8.8
CVE-2012-1592 [HIGH] CVE-2012-1592 struts2: xsltResult local code execution flaw
It was reported [1] that Apache Struts2 suffers from a local code execution flaw when processing malformed XSLT files. This could allow a malicious remote user able to upload an arbitrary file and then view it (such as a graphics file), and execute arbitrary code with the privileges of the struts2 process user.
NOTE: During normal usage, applications that receive untrusted input/files from remote users are expected to properly sanity-check the file and, if nothing else, not immediately make the file uploaded by an untrusted user, available to an untrusted user, without first checking the file.
[1] http://seclists.org/bugtraq/2012/Mar/110
Discussion:
This was assigned CVE-2012-1592 as per:
http://www.openwall.com/lists/oss-se
- http://www.openwall.com/lists/oss-security/2012/03/28/12
- https://access.redhat.com/security/cve/cve-2012-1592
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592
- https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E
- https://security-tracker.debian.org/tracker/CVE-2012-1592
Published: 2019-12-05