CVE-2013-4212

NONECVSS 0.0

0.0

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."

🔗 References (14)

secalert@redhathttp://rollerweblogger.org/project/entry/apache_roller_5_0_2
secalert@redhathttp://secunia.com/advisories/55862
secalert@redhathttp://secunia.com/advisories/55877
secalert@redhathttp://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
secalert@redhathttp://www.exploit-db.com/exploits/29859
secalert@redhathttp://www.osvdb.org/100342
secalert@redhathttps://exchange.xforce.ibmcloud.com/vulnerabilities/89239
af854a3a-2127-422b-91ae-364da2661108http://rollerweblogger.org/project/entry/apache_roller_5_0_2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55862
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55877
af854a3a-2127-422b-91ae-364da2661108http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/29859
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/100342
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/89239

Is Your Infrastructure Affected by CVE-2013-4212?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-4212

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-4212?