CVE-2013-4212

EUVD-2013-4117
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
apacheroller
𝑥
≤ 5.0.1
apacheroller
4.0
apacheroller
4.0.1
apacheroller
5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rollerweblogger.org/project/entry/apache_roller_5_0_2
http://secunia.com/advisories/55862
http://secunia.com/advisories/55877
http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
http://www.exploit-db.com/exploits/29859
http://www.osvdb.org/100342
https://exchange.xforce.ibmcloud.com/vulnerabilities/89239
http://rollerweblogger.org/project/entry/apache_roller_5_0_2
http://secunia.com/advisories/55862
http://secunia.com/advisories/55877
http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
http://www.exploit-db.com/exploits/29859
http://www.osvdb.org/100342
https://exchange.xforce.ibmcloud.com/vulnerabilities/89239