CVE-2017-12611 is a vulnerability in Apache Struts
Published on September 20, 2017
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
Products Associated with CVE-2017-12611
Want to know whenever a new CVE is published for Apache Struts? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Struts:- Version 2.0.0 - 2.3.33 is affected.
- Version 2.5 - 2.5.10.1 is affected.
Exploit Probability
EPSS
94.23%
Percentile
99.92%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.