Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:APACHE:CVE-2017-12611-RCE

Severity

 Major

Recommended

 No

Category

 HTTP

Keywords

 Apache Struts CVE-2017-12611 Remote Code Execution

Release Date

 2020/03/17

Update Number

 3263

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Apache Struts CVE-2017-12611 Remote Code Execution


This signature detects attempts to exploit a known vulnerability against Apache Struts. A successful attack can lead to arbitrary code execution.

Extended Description

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

Affected Products

  • Apache struts 2.0.1
  • Apache struts 2.0.10
  • Apache struts 2.0.11
  • Apache struts 2.0.11.1
  • Apache struts 2.0.11.2
  • Apache struts 2.0.12
  • Apache struts 2.0.13
  • Apache struts 2.0.14
  • Apache struts 2.0.2
  • Apache struts 2.0.3
  • Apache struts 2.0.4
  • Apache struts 2.0.5
  • Apache struts 2.0.6
  • Apache struts 2.0.7
  • Apache struts 2.0.8
  • Apache struts 2.0.9
  • Apache struts 2.1.0
  • Apache struts 2.1.1
  • Apache struts 2.1.2
  • Apache struts 2.1.3
  • Apache struts 2.1.4
  • Apache struts 2.1.5
  • Apache struts 2.1.6
  • Apache struts 2.1.8
  • Apache struts 2.1.8.1
  • Apache struts 2.2.1
  • Apache struts 2.2.1.1
  • Apache struts 2.2.3
  • Apache struts 2.2.3.1
  • Apache struts 2.3.1
  • Apache struts 2.3.10
  • Apache struts 2.3.11
  • Apache struts 2.3.1.1
  • Apache struts 2.3.12
  • Apache struts 2.3.1.2
  • Apache struts 2.3.13
  • Apache struts 2.3.14
  • Apache struts 2.3.14.1
  • Apache struts 2.3.14.2
  • Apache struts 2.3.14.3
  • Apache struts 2.3.15
  • Apache struts 2.3.15.1
  • Apache struts 2.3.15.2
  • Apache struts 2.3.15.3
  • Apache struts 2.3.16
  • Apache struts 2.3.16.1
  • Apache struts 2.3.16.2
  • Apache struts 2.3.16.3
  • Apache struts 2.3.17
  • Apache struts 2.3.19
  • Apache struts 2.3.20
  • Apache struts 2.3.20.1
  • Apache struts 2.3.20.2
  • Apache struts 2.3.21
  • Apache struts 2.3.22
  • Apache struts 2.3.23
  • Apache struts 2.3.24.2
  • Apache struts 2.3.24.3
  • Apache struts 2.3.25
  • Apache struts 2.3.26
  • Apache struts 2.3.27
  • Apache struts 2.3.28
  • Apache struts 2.3.28.1
  • Apache struts 2.3.29
  • Apache struts 2.3.3
  • Apache struts 2.3.30
  • Apache struts 2.3.31
  • Apache struts 2.3.32
  • Apache struts 2.3.33
  • Apache struts 2.3.4
  • Apache struts 2.3.4.1
  • Apache struts 2.3.5
  • Apache struts 2.3.6
  • Apache struts 2.3.7
  • Apache struts 2.3.8
  • Apache struts 2.3.9
  • Apache struts 2.5
  • Apache struts 2.5.1
  • Apache struts 2.5.10
  • Apache struts 2.5.2
  • Apache struts 2.5.3
  • Apache struts 2.5.4
  • Apache struts 2.5.5
  • Apache struts 2.5.6
  • Apache struts 2.5.7
  • Apache struts 2.5.8
  • Apache struts 2.5.9

References

  • BugTraq: 100829
  • CVE: CVE-2017-12611

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out