CVE-2017-12611

Name: CVE-2017-12611
Description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to an RCE attack.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: high

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libstruts1.2-java | source | (unstable) | (unfixed) | | | |

Notes

[wheezy] - libstruts1.2-java <ignored> (Minor issue)
Only a problem if the application programmer has made a security mistake.
https://struts.apache.org/docs/s2-053.html
