CVE-2011-3923

NameCVE-2011-3923
DescriptionApache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libstruts1.2-javasource(unstable)(not affected)

Notes

- libstruts1.2-java <not-affected> (Only affects 2.x)
https://cwiki.apache.org/confluence/display/WW/S2-009
http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html

Search for package or bug name: Reporting problems