CVE-2017-12611

Summary

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Struts2.0.0 - 2.3.33affected
Apache Software FoundationApache Struts2.5 - 2.5.10.1affected

Weaknesses

  • A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals

ADP Enrichment

CVE Program Container

Additional References

References