CVE-2017-12611: Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal

CVSS Score: 9.8 (CVSS version 3.0)

Basic Information

EPSS Score: 0.99933%
Published: 10/16/2018
Updated: 1/4/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.struts:struts2-core | maven | >= 2.0.1, <= 2.3.33 | 2.3.34 |
| org.apache.struts:struts2-core | maven | >= 2.5.0, <= 2.5.10.1 | 2.5.11 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from insecure Freemarker configuration in Apache Struts. The commit diff shows that the critical fix was adding 'configuration.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER)' in the createConfiguration method. Before this change, the absence of a secure class resolver allowed malicious OGNL expressions in Freemarker tags to trigger unintended class instantiation. This aligns with CWE-20 (Improper Input Validation), as the system did not properly validate or sanitize expression inputs during template processing.
