CVE-2017-12611

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-12611
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12611.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-12611
Aliases
Published
2017-09-20T17:29:00Z
Modified
2024-09-03T01:40:40.605888Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type
GIT
Repo
https://github.com/apache/struts
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0032390ee89749c8dc55ac76f44900697aa0c713
Last affected
013077abcb8d450d7313fb9fc766fe45f0b6f9c5
Last affected
0320310406f6b11cfd235d7a9b866cf1de483a1e
Last affected
0ac8932aa3a1b28a8f950863c17165cdc63b1474
Last affected
12cc861875665e19c9d72a131f606a9b855b5c80
Last affected
17e14ef42bcf1182c2985f2a25543cf4e88235e2
Last affected
183be6b2986755eeac9b86eed9138304a30ff45e
Last affected
1ed29d508fc0a3762ad7d16336a71adcf69bd88d
Last affected
22573f8de8b33ead0fee88eb67817985464218bb
Last affected
28297863aee4d747638ce5b6f22262ac6a118ae0
Last affected
28c17a1b779635a3f3af39169224ea335a0379e2
Last affected
2a37a2e32db6d6905de48e04f71d995f41055827
Last affected
2a4ea6dce4e2d622a57480c1bc337f46315fde96
Last affected
2afda2ecc45730f5c0fc1f88c5d8919fb34d1462
Last affected
2bbc0452601e9816eabcffae0775f9549a651e4c
Last affected
2cf0a7efeb12c8f476e31324dc56456b340ddeab
Last affected
31a0768da35bb762db93e7931cadb8552f206a56
Last affected
3565f4d4f5c4c85a1ffab9e6169c86527aa6f4c7
Last affected
36b6fff05cd4a17f75b091c0edd52e0c1e65ec06
Last affected
3f3776e7dcf106fe05041c743ea32c779e595197
Last affected
402374de33146e1c0401a247e0779e290cb0c078
Last affected
4281e31864e0f2e0bffc0e537dc9c6e40604aec0
Last affected
4b5f5619ddeda22f7f358431f604df580f1e61a1
Last affected
4b744ef87b9bd8ebff43675259df3ae650c9585e
Last affected
4bee55fee30086c786d09503125a2b1c2ae8dcfa
Last affected
5054ff469a416a1fd1331389e48aca6d22eef28f
Last affected
56ae397d75430dc63fd68b0bfb36afbac1226023
Last affected
591347a498b358112cf478a3135107eae39d6e43
Last affected
5c61c9a5752109a00ccdadbce3d4adb681f82c9a
Last affected
6246b8e12eb5abee95916b948a7a97e4d736f10b
Last affected
631ce98d171b1c7adb680b41a0303c61a81678fd
Last affected
645d06e11668b66204db10b5628685650333c5c1
Last affected
676a011b4f4d211e167465f3ffb03894c8f60334
Last affected
6a39976815adf55ada5c4e246d57ec13d9a5ec99
Last affected
6bf54d0b555cf64d46243054a1a8f57356b38f2b
Last affected
6cddee6fc539429544b28a96361a8af7a0691108
Last affected
6d3be1df385939526545714435f6c16fa3dc3d94
Last affected
6fa6f1014b309a96755e94d13563052055402701
Last affected
77cd231b589249b07f36e29061970070ecdd50f3
Last affected
7908a88a405458869f61ecff4b775429724a3ea4
Last affected
7d7d3fc42b013f0983a16473b10ed24efb988e0e
Last affected
7dd83dff485d324980f3d22c726cfd969ecf41f8
Last affected
8135547c7a53364c17a93ba0a38f0463f0315ac5
Last affected
8931ac19ea504a167f4d0c8e57ccc8f7f09f4135
Last affected
8a59ed02c958db9213f0e54d816882a902891761
Last affected
8ca0f2fc464f592fa95d8435d0924c3b9da981ef
Last affected
95814f0fa018ee284fb2c79710681a63dc5ee705
Last affected
9a63e6504b2d246573ff1483d45d9b12a49aa9c6
Last affected
9df00b0a864fac2e763b7c26ba99af057202f0f3
Last affected
a40e9a90bf8b5039728ff312852991e7d580bff4
Last affected
a41f1118fd838bfcac024e94711c8846fcfe87ef
Last affected
a614104a485c8b1a8d16d51511b50d922f00ab3f
Last affected
a6e72347d2179a6d1a84acc0db54615c6f4b274c
Last affected
a72c1f4262a57bfe2819c6def81620d02d7867fb
Last affected
a9974eec5689a7113a6fb1e2096252f0935064dd
Last affected
b2fe62824eebd213625d23378b5307dcb1b82c77
Last affected
b3f712eb1b6b7d38b6f3dce6ee63147f0f96c259
Last affected
b8cadf565addce57581d13e9a8011eec6f42b0f4
Last affected
bb22c585b5b52967fab033dba02cd244cd5b5b7a
Last affected
bc6094eece7dfa65e7439cd018d58e85c5d41e47
Last affected
bef7211c41e7b0df9ff2740c0d4843f5b7a43266
Last affected
c6a0ea2dcd6ea94bf551ed200955724013c34d3b
Last affected
c80cb8458966e10d88a192b5ce68e47aee0e944a
Last affected
cb580fe614d5ff73776c34e39a93aae2ad557757
Last affected
d0dddbc2065b4b157cc6eb9aff9588dab37b4791
Last affected
d469fffed912764f7af2da861319815d088a66e8
Last affected
d793648069386ce90fc9eae31e119de1a675f15a
Last affected
daa62ed42adee485f30f2e8f43893900b5cd64e9
Last affected
de154978ca69a59079024dc6468eedd261293bff
Last affected
de90290354a1c6c819687305e053232bc8a4a697
Last affected
df365f17ea11e319302f648e86da3188ce1c5656
Last affected
e03ff728618f5bf551083fc3a52d43c07434bbc9
Last affected
e372ca3d17ba24778cf57e502ba85bc75b613f2c
Last affected
e5009a34202777b53c5dc36e020d0033aa8be027
Last affected
e893492adcacc5b4f09f378fe1d8f80de1814038
Last affected
e8aa825f21fc951418f0cfa770d32762a4a83664
Last affected
ea055ccb9d7dde6a55a0173e1ecff023fb402334
Last affected
ee27b6604a6e703ab5e802afa93ac43915d4373f
Last affected
ef3c3ece89c6723340c9bc9271e3d2130378afad
Last affected
f0c159d871ee741e0cc74fe858cc7be79841078c
Last affected
f0f4e9ece77000e0eb0071bf233ed4b9bc9c8205
Last affected
f15f28a1766fe991de85c8cd089b102f77915319
Last affected
f187d90a12dd4b5c22a11d7ce7b6549f29516ff8
Last affected
f2348e53cbdf8ad7d9c28c66dc6fefe2c5718636
Last affected
f633bb8270ea52b8d168ade14b8721d8739ceab1
Last affected
f706c2fb2f48cba9bdb67e0ab806eb3cdeba25aa
Last affected
f9d681cc97a175676786ddebed6b5924187e5ae3
Last affected
fc3df96990bafdecc6f3a89cf7a4dcf15066c687
Last affected
fd206c1386cc113e3f5b52fbc5b2f15a458b31b4
Last affected
fe62eb03471666cb871c1d5969b98dc79d578d2d

Affected versions

Other

STRUTS_2_2_1
STRUTS_2_3_14
STRUTS_2_3_16_1
STRUTS_2_3_16_2
STRUTS_2_3_16_3
STRUTS_2_3_17
STRUTS_2_3_19