CVE-2012-0394

Description

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.

CVSS Version 2.0

nvd

CVE ID: CVE-2012-0394
Base Score: 6.8
Base Severity: MEDIUM
Vector String:AV:N/AC:M/Au:N/C:P/I:P/A:P

Proof Of Concept

Nuclei Templates for CVE-2012-0394

Refrence: Project Discovery GitHub

Refrence: NVD