daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update and rename vulnerabilities/backdoor/struts2-ognl-backdoor.yaml to cves/2012/CVE-2012-0394.yaml

patch-1
Prince Chaddha 2022-11-26 21:36:58 +05:30 committed by GitHub
parent dcc602cc19
commit cd7cfb5c63
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
vulnerabilities/backdoor/struts2-ognl-backdoor.yaml → cves/2012/CVE-2012-0394.yaml
View File

@ -1,16 +1,19 @@
id: struts2-ognl-backdoor
id: CVE-2012-0394
info:
name: Apache Struts Dev Mode OGNL Injection
author: tess
severity: critical
description: |
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
reference:
- https://www.pwntester.com/blog/2014/01/21/struts-2-devmode-an-ognl-backdoor/
- https://www.exploit-db.com/exploits/31434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0394
metadata:
verified: true
shodan-query: html:"Struts Problem Report"
tags: apache,struts,ognl,misconfig,injection
tags: cve,cve2012,apache,struts,ognl,injection
variables:
first: "{{rand_int(1000, 9999)}}"