Red Hat Bugzilla – Bug 799980
CVE-2012-0838 Struts2: Certain strings evaluated as OGNL expressions, leading to run-time data modification or arbitrary code execution
Last modified: 2012-03-05 20:02:20 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0838 to the following vulnerability:
Apache Struts 2 before 126.96.36.199 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products.