CVE-2012-0392

Description

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.

CVSS Version 2.0

nvd

CVE ID: CVE-2012-0392
Base Score: 6.8
Base Severity: MEDIUM
Vector String:AV:N/AC:M/Au:N/C:P/I:P/A:P

Proof Of Concept

Nuclei Templates for CVE-2012-0392

Refrence: Project Discovery GitHub

Refrence: NVD