CVE-2012-0394

Name of the Vulnerable Software and Affected Versions Apache Struts versions prior to 2.3.1.1

Description The issue allows remote attackers to execute arbitrary commands via unspecified vectors when the DebuggingInterceptor component is used in developer mode. The vendor characterizes this behavior as not a security vulnerability itself.

Recommendations For versions prior to 2.3.1.1, update to version 2.3.1.1 or later to resolve the issue. As a temporary workaround, consider disabling the developer mode to minimize the risk of exploitation.