CVE-2012-1592

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

Published: Dec 5, 2019
Updated: May 9, 2024
CVE: CVE-2012-1592
GHSA: GHSA-8m5q-crqq-6pmf
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
apache / struts	2.0.0	2.0.0.x
org.apache.struts / struts2-core	2.0	2.5.22

http://www.openwall.com/lists/oss-security/2012/03/28/12
https://access.redhat.com/security/cve/cve-2012-1592
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592
https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76
https://issues.apache.org/jira/browse/WW-5055
https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E
https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E
https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E
https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E
https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E
https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E
https://seclists.org/bugtraq/2012/Mar/110
https://security-tracker.debian.org/tracker/CVE-2012-1592
https://struts.apache.org/security/#internal-security-mechanism
https://www.openwall.com/lists/oss-security/2012/03/28/12

Vulnerability Database

289,697

CVE-2012-1592