CVE-2013-4212: Code Injection
First published: Sat Dec 07 2013(Updated: )
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Roller | <=5.0.1 | |
| Apache Roller | =4.0 | |
| Apache Roller | =4.0.1 | |
| Apache Roller | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rollerweblogger.org/project/entry/apache_roller_5_0_2
- http://secunia.com/advisories/55862
- http://secunia.com/advisories/55877
- http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
- http://www.exploit-db.com/exploits/29859
- http://www.osvdb.org/100342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89239
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/apache
- canonical/apache roller
- version/apache roller/5.0.1
- version/apache roller/4.0
- version/apache roller/4.0.1
- version/apache roller/5.0