CVE-2015-0249

CWE-94 — Code Injection3 documents3 sources

Severity

7.2HIGH

EPSS

0.4%

top 39.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Roller

Timeline

PublishedJul 17

Latest updateMay 17

Description

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDapache/roller5.1.0, 5.1.1+1

🔴Vulnerability Details

GHSA

GHSA-mwgg-25xm-cfpx: The weblog page template in Apache Roller 5↗2022-05-17

▶

CVEList

CVE-2015-0249: The weblog page template in Apache Roller 5↗2017-07-14

▶