← volver
CVE-2007-4556

CVE-2007-4556

EPSS 25.7%
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS EPSS 25.7%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
28 ago 2007Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
Productos afectados
n/a · n/a