CyberSec.Space Logo
Back to CVE Browser

CVE-2017-12611

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0150%
EPSS Percentile32.55th
PublishedSep 20, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

Affected Platforms (CPE)

📦
Apache

Struts

= 2.0.1
📦
Apache

Struts

= 2.0.2
📦
Apache

Struts

= 2.0.3
📦
Apache

Struts

= 2.0.4
📦
Apache

Struts

= 2.0.5
📦
Apache

Struts

= 2.0.6
📦
Apache

Struts

= 2.0.7
📦
Apache

Struts

= 2.0.8
📦
Apache

Struts

= 2.0.9
📦
Apache

Struts

= 2.0.10
📦
Apache

Struts

= 2.0.11
📦
Apache

Struts

= 2.0.11.1
📦
Apache

Struts

= 2.0.11.2
📦
Apache

Struts

= 2.0.12
📦
Apache

Struts

= 2.0.13
📦
Apache

Struts

= 2.0.14
📦
Apache

Struts

= 2.1.0
📦
Apache

Struts

= 2.1.1
📦
Apache

Struts

= 2.1.2
📦
Apache

Struts

= 2.1.3
📦
Apache

Struts

= 2.1.4
📦
Apache

Struts

= 2.1.5
📦
Apache

Struts

= 2.1.6
📦
Apache

Struts

= 2.1.8
📦
Apache

Struts

= 2.1.8.1
📦
Apache

Struts

= 2.2.1
📦
Apache

Struts

= 2.2.1.1
📦
Apache

Struts

= 2.2.3
📦
Apache

Struts

= 2.2.3.1
📦
Apache

Struts

= 2.3.1
📦
Apache

Struts

= 2.3.1.1
📦
Apache

Struts

= 2.3.1.2
📦
Apache

Struts

= 2.3.3
📦
Apache

Struts

= 2.3.4
📦
Apache

Struts

= 2.3.4.1
📦
Apache

Struts

= 2.3.5
📦
Apache

Struts

= 2.3.6
📦
Apache

Struts

= 2.3.7
📦
Apache

Struts

= 2.3.8
📦
Apache

Struts

= 2.3.9
📦
Apache

Struts

= 2.3.10
📦
Apache

Struts

= 2.3.11
📦
Apache

Struts

= 2.3.12
📦
Apache

Struts

= 2.3.13
📦
Apache

Struts

= 2.3.14
📦
Apache

Struts

= 2.3.14.1
📦
Apache

Struts

= 2.3.14.2
📦
Apache

Struts

= 2.3.14.3
📦
Apache

Struts

= 2.3.15
📦
Apache

Struts

= 2.3.15.1
📦
Apache

Struts

= 2.3.15.2
📦
Apache

Struts

= 2.3.15.3
📦
Apache

Struts

= 2.3.16
📦
Apache

Struts

= 2.3.16.1
📦
Apache

Struts

= 2.3.16.2
📦
Apache

Struts

= 2.3.16.3
📦
Apache

Struts

= 2.3.17
📦
Apache

Struts

= 2.3.19
📦
Apache

Struts

= 2.3.20
📦
Apache

Struts

= 2.3.20.1
📦
Apache

Struts

= 2.3.20.2
📦
Apache

Struts

= 2.3.21
📦
Apache

Struts

= 2.3.22
📦
Apache

Struts

= 2.3.23
📦
Apache

Struts

= 2.3.24.2
📦
Apache

Struts

= 2.3.24.3
📦
Apache

Struts

= 2.3.25
📦
Apache

Struts

= 2.3.26
📦
Apache

Struts

= 2.3.27
📦
Apache

Struts

= 2.3.28
📦
Apache

Struts

= 2.3.28.1
📦
Apache

Struts

= 2.3.29
📦
Apache

Struts

= 2.3.30
📦
Apache

Struts

= 2.3.31
📦
Apache

Struts

= 2.3.32
📦
Apache

Struts

= 2.3.33
📦
Apache

Struts

= 2.5
📦
Apache

Struts

= 2.5
📦
Apache

Struts

= 2.5
📦
Apache

Struts

= 2.5
📦
Apache

Struts

= 2.5.1
📦
Apache

Struts

= 2.5.2
📦
Apache

Struts

= 2.5.3
📦
Apache

Struts

= 2.5.4
📦
Apache

Struts

= 2.5.5
📦
Apache

Struts

= 2.5.6
📦
Apache

Struts

= 2.5.7
📦
Apache

Struts

= 2.5.8
📦
Apache

Struts

= 2.5.9
📦
Apache

Struts

= 2.5.10

References & Advisories

🔗 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt
🔗 http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
🔗 http://www.securityfocus.com/bid/100829
🔗 https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001
🔗 https://struts.apache.org/docs/s2-053.html
🔗 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt
🔗 http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
🔗 http://www.securityfocus.com/bid/100829

Related Vulnerabilities

CVE-2013-431610.0

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

CVE-2012-083810.0

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows re...

CVE-2020-175309.8

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software :...

CVE-2017-97919.8

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw...