Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Name CVE-2011-3923 First vendor Publication 2019-11-01
Vendor Cve Last vendor Modification 2019-12-02

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 9.8
Base Score 9.8 Environmental Score 9.8
impact SubScore 5.9 Temporal Score 9.8
Exploitabality Sub Score 3.9
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Apache Struts before allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3923

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-732 Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Application 66
Application 1

SAINT Exploits

Description Link
Apache Struts 2 ParametersInterceptor OGNL Command Injection More info here

ExploitDB Exploits

id Description
2014-07-14 Shopizer 1.1.5 - Multiple Vulnerabilities
2013-03-22 Apache Struts ParametersInterceptor Remote Code Execution

Open Source Vulnerability Database (OSVDB)

Id Description
78501 Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Comma...

Snort® IPS/IDS

Date Description
2014-01-10 Apache Struts parameters interceptor remote code execution attempt
RuleID : 21522 - Revision : 10 - Type : SERVER-APACHE

Metasploit Database

id Description
2011-10-01 Apache Struts ParametersInterceptor Remote Code Execution

Nessus® Vulnerability Scanner

Date Description
2012-02-06 Name : A remote web application uses a framework that is affected by a code executio...
File : struts_xwork_ognl_code_execution_safe2.nasl - Type : ACT_ATTACK

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/51628
EXPLOIT-DB http://www.exploit-db.com/exploits/24874
MISC http://seclists.org/fulldisclosure/2014/Jul/38
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/72585

Alert History

If you want to see full details history, please login or register.
Date Informations
2020-05-23 13:16:58
  • Multiple Updates
2020-05-23 01:47:09
  • Multiple Updates
2020-05-23 00:31:47
  • First insertion