CVE-2012-0392 is a vulnerability in Apache Struts
Published on January 8, 2012
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
Products Associated with CVE-2012-0392
Want to know whenever a new CVE is published for Apache Struts? stack.watch will email you.
Exploit Probability
EPSS
85.36%
Percentile
99.35%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.