← back
CVE-2013-4212

CVE-2013-4212

EPSS 81.1%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 81.1%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
31 Oct 2013Metasploit module available
27 Nov 2013Public PoC
07 Dec 2013Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.