CVE-2012-0391 (retired)

The ExceptionDelegator component in Apache Struts before interprets
parameter values as OGNL expressions during certain exception handling for
mismatched data types of properties, which allows remote attackers to
execute arbitrary Java code via a crafted parameter.
Upstream:released (
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
More Information

Updated: 2019-03-26 12:00:03 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)