CVE-2012-0393 Medium Severity Vulnerability detected by WhiteSource #37
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2012-0393 - Medium Severity Vulnerability
struts2-core-2.0.8.jar
null
path: /java_security_book/Struts2/s2_002/target/struts2-archetype-starter/WEB-INF/lib/struts2-core-2.0.8.jar,/java_security_book/Struts2/s2_001/target/struts2-archetype-starter/WEB-INF/lib/struts2-core-2.0.8.jar,2/repository/org/apache/struts/struts2-core/2.0.8/struts2-core-2.0.8.jar
Dependency Hierarchy:
struts2-core-2.0.11.jar
null
path: /java_security_book/Struts2/s2_005/target/struts2-archetype-starter/WEB-INF/lib/struts2-core-2.0.11.jar
Dependency Hierarchy:
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
Publish Date: 2012-01-08
URL: CVE-2012-0393
Base Score Metrics not available
Type: Upgrade version
Origin: http://struts.apache.org/2.x/docs/s2-008.html
Release Date: 2017-12-31
Fix Resolution: Developers should immediately upgrade to Struts 2.3.1.1 or read the following solution instructions carefully for a configuration change to mitigate the vulnerability
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: