← back
CVE-2012-0394

CVE-2012-0394

EPSS 74.4%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 74.4%KEV nãoPoC públicaNuclei simMetasploit simPatch
Lifecycle
06 Jan 2012Metasploit module available
06 Jan 2012Public PoC
08 Jan 2012Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.