Description

A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals.

Remediation

Upgrade to Struts 2.5.12 or Struts 2.3.34

References

Security Bulletin S2-053

Related Vulnerabilities

HTTP.sys remote code execution vulnerability

WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1 - 2.1.1)

Apache Log4j2 JNDI Remote Code Execution (delayed)

Microsoft IIS 6.0 WebDAV Buffer Overflow

uWSGI Unauthorized Access Vulnerability

Severity

High

Classification

CVE-2017-12611 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Code Execution Known Vulnerabilities Acumonitor