CVE-2020-17530
Apache Struts Remote Code Execution Vulnerability
Public Exploits: 11
Exploited in Wild: Yes
Descriptions
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This vulnerability is application dependent: a server-side template must make an affected use of request data to render an HTML tag attribute.
Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
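The descriptions above give two things a responder needs: the trigger (an expression-language marker such as `%{` reaching a tag attribute that Struts then evaluates a second time) and the version window. The following Python helper is an added triage example for this record; it is not code from the page, from Apache, or from any of the referenced PoC repositories. It URL-decodes request parameters (bounded, so double-encoded payloads are normalised), flags those carrying OGNL markers, and checks a Struts version string against both ranges stated on this page. The indicator strings beyond `%{` and `${`, the access-log lines, and the parameter names are constructed assumptions for the demonstration.

```python
"""Triage helper for CVE-2020-17530 (S2-061): flag requests whose parameters
carry forced-OGNL markers, and check whether a Struts version is in the
affected range. Constructed sample data; not the page's or Apache's code."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Expression-language markers that trigger Struts' second ("forced") evaluation
# of a tag attribute value. The OGNL_TOKENS set is an assumed list of generic
# OGNL injection signs, not taken from any specific exploit.
EL_MARKERS = ("%{", "${")
OGNL_TOKENS = ("#_memberAccess", "@ognl.OgnlContext@", "#application",
               "#context", "#request", "@java.lang.Runtime@")

# Version bounds as stated on this record: the description says 2.0.0 - 2.5.25
# (so fixed from 2.5.26); the affected-products table says >= 2.0.0 < 2.5.30.
AFFECTED_MIN = (2, 0, 0)
FIXED_PER_DESCRIPTION = (2, 5, 26)
FIXED_PER_CPE = (2, 5, 30)

# Combined Log Format request line: client, timestamp, method, target, status.
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
                    r'(?P<status>\d{3})')


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def ognl_indicators(text):
    """Return the markers and tokens present in an already-decoded string."""
    return [m for m in EL_MARKERS if m in text] + [t for t in OGNL_TOKENS if t in text]


def suspicious_params(query_or_body):
    """Inspect each name=value pair (query string or form body) and return
    (name, decoded_value, indicators) for pairs carrying OGNL markers.
    Both name and value are checked: the injected text may sit in either."""
    hits = []
    for name, value in parse_qsl(query_or_body, keep_blank_values=True):
        name_d, value_d = fully_decode(name), fully_decode(value)
        found = ognl_indicators(name_d) + ognl_indicators(value_d)
        if found:
            hits.append((name_d, value_d, sorted(set(found))))
    return hits


def scan_log(lines):
    """Run suspicious_params over the query string of each access-log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        hits = suspicious_params(urlsplit(m.group("target")).query)
        if hits:
            findings.append({"client": m.group("client"),
                             "target": m.group("target"), "hits": hits})
    return findings


def parse_version(s):
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError("unrecognised Struts version: %r" % s)
    return tuple(int(x) for x in m.groups())


def is_affected(version, fixed=FIXED_PER_CPE):
    """True if the version lies in [2.0.0, fixed)."""
    return AFFECTED_MIN <= parse_version(version) < fixed


# Constructed sample lines (Combined Log Format, not real traffic); the third
# line carries a double-encoded payload.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Dec/2020:12:00:01 +0000] "GET /index.action?id=%25%7B3*3%7D HTTP/1.1" 200 512',
    '10.0.0.6 - - [09/Dec/2020:12:00:02 +0000] "GET /index.action?id=hello&name=Ann HTTP/1.1" 200 512',
    '10.0.0.7 - - [09/Dec/2020:12:00:03 +0000] "GET /index.action?id=%2525%257B%2523_memberAccess%257D HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["client"], f["target"], f["hits"])
    for v in ("2.5.25", "2.5.26", "2.5.30"):
        print(v, "affected per description:", is_affected(v, FIXED_PER_DESCRIPTION),
              "| affected per CPE range:", is_affected(v))
```

Access logs only carry the query string, so for POST bodies feed the captured form body (from a WAF or reverse proxy) to `suspicious_params` directly. The two version bounds are kept separate on purpose: the narrower one is what this record's description states, the wider one is what its affected-products table states, and an inventory check should report against both rather than silently pick one.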
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-08-12 CVE Reserved
- 2020-12-09 First Exploit
- 2020-12-11 CVE Published
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-10-15 EPSS Updated
CWE
- CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CAPEC
References (26)
URL | Date
---|---
https://github.com/wuzuowei/CVE-2020-17530 | 2020-12-18
https://github.com/ka1n4t/CVE-2020-17530 | 2020-12-09
https://github.com/Al1ex/CVE-2020-17530 | 2020-12-22
https://github.com/phil-fly/CVE-2020-17530 | 2020-12-09
https://github.com/CyborgSecurity/CVE-2020-17530 | 2020-12-30
https://github.com/fengziHK/CVE-2020-17530-strust2-061 | 2020-12-14
https://github.com/uzzzval/CVE-2020-17530 | 2021-01-07
https://github.com/nth347/CVE-2020-17530 | 2023-08-04
https://github.com/secpool2000/CVE-2020-17530 | 2020-12-09
https://github.com/keyuan15/CVE-2020-17530 | 2023-04-02
https://github.com/killmonday/CVE-2020-17530-s2-061 | 2021-01-24
https://security.netapp.com/advisory/ntap-20210115-0005 | 2022-06-03
https://www.oracle.com//security-alerts/cpujul2021.html | 2022-06-03
https://www.oracle.com/security-alerts/cpuApr2021.html | 2022-06-03
https://www.oracle.com/security-alerts/cpujan2021.html | 2022-06-03
https://www.oracle.com/security-alerts/cpujan2022.html | 2022-06-03
https://www.oracle.com/security-alerts/cpuoct2021.html | 2022-06-03
https://cwiki.apache.org/confluence/display/WW/S2-061 | 2020-09-14
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Apache | Struts | >= 2.0.0 < 2.5.30 | - | Affected
Oracle | Business Intelligence | 12.2.1.3.0 | enterprise | Affected
Oracle | Business Intelligence | 12.2.1.4.0 | enterprise | Affected
Oracle | Communications Diameter Intelligence Hub | 8.0.0 | - | Affected
Oracle | Communications Diameter Intelligence Hub | 8.1.0 | - | Affected
Oracle | Communications Diameter Intelligence Hub | 8.2.0 | - | Affected
Oracle | Communications Diameter Intelligence Hub | 8.2.3 | - | Affected
Oracle | Communications Policy Management | 12.5.0 | - | Affected
Oracle | Communications Pricing Design Center | 12.0.0.3.0 | - | Affected
Oracle | Financial Services Data Integration Hub | 8.0.3 | - | Affected
Oracle | Financial Services Data Integration Hub | 8.0.6 | - | Affected
Oracle | Hospitality Opera 5 | 5.6 | - | Affected
Oracle | Mysql Enterprise Monitor | 8.0.23 | - | Affected