CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.Enginsight
Vendor | Product | Version |
---|---|---|
apache | struts | 2.0.0 ≤ 𝑥 < 2.3.1 |