CVE Vulnerabilities

CVE-2012-4387

Published: Sep 05, 2012 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
5 MODERATE
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.

Affected Software

Name Vendor Start Version End Version
Struts Apache 2.0.0 2.0.0
Struts Apache 2.0.1 2.0.1
Struts Apache 2.0.2 2.0.2
Struts Apache 2.0.3 2.0.3
Struts Apache 2.0.4 2.0.4
Struts Apache 2.0.5 2.0.5
Struts Apache 2.0.6 2.0.6
Struts Apache 2.0.7 2.0.7
Struts Apache 2.0.8 2.0.8
Struts Apache 2.0.9 2.0.9
Struts Apache 2.0.10 2.0.10
Struts Apache 2.0.11 2.0.11
Struts Apache 2.0.11.1 2.0.11.1
Struts Apache 2.0.11.2 2.0.11.2
Struts Apache 2.0.12 2.0.12
Struts Apache 2.0.13 2.0.13
Struts Apache 2.0.14 2.0.14
Struts Apache 2.1.0 2.1.0
Struts Apache 2.1.1 2.1.1
Struts Apache 2.1.2 2.1.2
Struts Apache 2.1.3 2.1.3
Struts Apache 2.1.4 2.1.4
Struts Apache 2.1.5 2.1.5
Struts Apache 2.1.6 2.1.6
Struts Apache 2.1.8 2.1.8
Struts Apache 2.1.8.1 2.1.8.1
Struts Apache 2.2.1 2.2.1
Struts Apache 2.2.1.1 2.2.1.1
Struts Apache 2.2.3 2.2.3
Struts Apache 2.2.3.1 2.2.3.1
Struts Apache 2.3.1 2.3.1
Struts Apache 2.3.1.1 2.3.1.1
Struts Apache 2.3.1.2 2.3.1.2
Struts Apache 2.3.3 2.3.3
Struts Apache 2.3.4 2.3.4

References