CVE-2012-0391

Name of the Vulnerable Software and Affected Versions Apache Struts versions prior to 2.2.3.1

Description The issue arises from improper input validation in the ExceptionDelegator component of Apache Struts. This component interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties. As a result, remote attackers can execute arbitrary Java code via a crafted parameter.

Recommendations For versions prior to 2.2.3.1, update to version 2.2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ExceptionDelegator component to minimize the risk of exploitation.