CVE-2012-4387

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.

Affected Software

Name	Vendor	Start Version	End Version
Struts	Apache	2.0.0	2.0.0
Struts	Apache	2.0.1	2.0.1
Struts	Apache	2.0.2	2.0.2
Struts	Apache	2.0.3	2.0.3
Struts	Apache	2.0.4	2.0.4
Struts	Apache	2.0.5	2.0.5
Struts	Apache	2.0.6	2.0.6
Struts	Apache	2.0.7	2.0.7
Struts	Apache	2.0.8	2.0.8
Struts	Apache	2.0.9	2.0.9
Struts	Apache	2.0.10	2.0.10
Struts	Apache	2.0.11	2.0.11
Struts	Apache	2.0.11.1	2.0.11.1
Struts	Apache	2.0.11.2	2.0.11.2
Struts	Apache	2.0.12	2.0.12
Struts	Apache	2.0.13	2.0.13
Struts	Apache	2.0.14	2.0.14
Struts	Apache	2.1.0	2.1.0
Struts	Apache	2.1.1	2.1.1
Struts	Apache	2.1.2	2.1.2
Struts	Apache	2.1.3	2.1.3
Struts	Apache	2.1.4	2.1.4
Struts	Apache	2.1.5	2.1.5
Struts	Apache	2.1.6	2.1.6
Struts	Apache	2.1.8	2.1.8
Struts	Apache	2.1.8.1	2.1.8.1
Struts	Apache	2.2.1	2.2.1
Struts	Apache	2.2.1.1	2.2.1.1
Struts	Apache	2.2.3	2.2.3
Struts	Apache	2.2.3.1	2.2.3.1
Struts	Apache	2.3.1	2.3.1
Struts	Apache	2.3.1.1	2.3.1.1
Struts	Apache	2.3.1.2	2.3.1.2
Struts	Apache	2.3.3	2.3.3
Struts	Apache	2.3.4	2.3.4

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-4387
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References