CVE-2012-1592

Name of the Vulnerable Software and Affected Versions Apache Struts versions prior to 2.5.22

Description The issue is related to a local code execution problem in Apache Struts2 when processing malformed XSLT files. This could allow a malicious user to upload and execute arbitrary files by sending a specially crafted XSLT file. The exploitation of this issue may enable a remote attacker to execute arbitrary code.

Recommendations For versions prior to 2.5.22, update to version 2.5.22 or later to resolve the issue. As a temporary workaround, consider restricting the upload of XSLT files or disabling the processing of malformed XSLT files until a patch is applied.