CVE-2012-4387: Apache Struts vulnerability

CWE-264 | 5 documents | 5 sources

Severity: 5.0 MEDIUM (NVD)
EPSS: 7.9% (top 7.94%)
CISA KEV: Not in KEV
Exploit: No known exploits

Affected products

Timeline
Published: Sep 5
Latest update: May 17

Description

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/struts, 35 versions

Patches

🔴 Vulnerability Details (3)

GHSA: Denial of service in Apache Struts (2022-05-17)
OSV: Denial of service in Apache Struts (2022-05-17)
CVEList: CVE-2012-4387: Apache Struts 2 (2012-09-05)

💬 Community (1)

Bugzilla: CVE-2012-4387 struts2: Long parameter name DoS (2012-09-03)