What is CVE-2012-0391?

CVE-2012-0391 is a critical vulnerability in Apache Struts that allows remote code execution due to improper input validation. Organizations must apply patches immediately to mitigate risks.

What is the severity of CVE-2012-0391?

CVE-2012-0391 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2012-0391 | Critical Vulnerability in Apache Struts

Q: Is CVE-2012-0391 in CISA KEV?

Yes. CVE-2012-0391 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2012-0391 is a critical vulnerability affecting Apache Struts versions prior to 2.2.3.1. This vulnerability allows remote attackers to execute arbitrary Java code via crafted parameters. The severity level of this vulnerability is critical, with a CVSS score of 9.8, highlighting the significant risk it poses to organizations using affected versions of the software.

The risk to organizations includes unauthorized remote code execution, which can lead to data breaches, service disruptions, and loss of sensitive information. Additionally, as this vulnerability has been classified as actively exploited in the wild, organizations must prioritize patching immediately.

With a known exploit and multiple references indicating its critical nature, security teams must take immediate action to assess their environments for this vulnerability. The urgency is underscored by its high-profile status and the potential for significant damage should it be successfully exploited.

Organizations using Apache Struts should ensure they are on version 2.2.3.1 or later to mitigate this risk effectively. Continuous monitoring and timely updates are essential to safeguard against this and other vulnerabilities.

Vulnerability Details

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties. This flaw allows remote attackers to execute arbitrary Java code via a crafted parameter.

The vulnerability has a CVSS score of 9.8, classified as critical. It involves a network attack vector with low attack complexity, no privileges required, and no user interaction needed, which makes it particularly dangerous.

The affected products include Apache Struts, with the vulnerability identified as CWE-94 (Improper Control of Generation of Code). The publication date of this vulnerability was January 8, 2012.

Technical Analysis

The root cause of CVE-2012-0391 stems from the improper validation of user input in the ExceptionDelegator component. When a mismatch occurs in data types, the system evaluates the parameter values as OGNL expressions, leading to arbitrary code execution risks.

The attack vector for this vulnerability is network-based, meaning attackers can exploit it remotely without physical access to the target system. The attack complexity is low, requiring no special privileges, and user interaction is not required, making it easily exploitable.

The impacts of this vulnerability are severe, with high confidentiality, integrity, and availability impacts. Successful exploitation can lead to complete control over the affected system, compromising sensitive data and disrupting services.

Risk & Impact Analysis

Organizations that deploy Apache Struts without addressing CVE-2012-0391 are at significant risk. The potential for unauthorized remote code execution can lead to severe consequences, including data breaches and operational disruptions. Given the high CVSS score and known exploit status, this vulnerability represents a critical threat to organizational security.

The blast radius for this vulnerability is extensive, as it can affect any application relying on affected Apache Struts versions. Organizations should assess their applications and prioritize remediation based on the critical nature of this vulnerability.

Given its presence in the Known Exploited Vulnerabilities (KEV) catalog, organizations must act swiftly to remediate this vulnerability. The urgency is critical, and failure to address it could result in significant financial and reputational damage.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The affected product is Apache Struts, specifically all versions prior to 2.2.3.1. Organizations using these versions are strongly advised to upgrade to the latest version to mitigate the risk.

Mitigation & Remediation

Organizations should apply the latest patches provided by Apache to remediate this vulnerability. The recommended version to upgrade to is 2.2.3.1 or later. If a patch is not immediately available, organizations should implement workarounds, such as limiting access to affected components and monitoring for unusual activity.

Configuration hardening should also be a priority, ensuring that input validation and sanitization measures are in place to minimize the risk of code injection attacks. Additionally, continuous monitoring for any signs of exploitation is crucial to detect and respond to potential threats swiftly.

For further guidance on effective security measures, organizations can refer to the penetration testing services offered by AppSecure.

Detection Guidance

To detect potential exploitation attempts of CVE-2012-0391, organizations should monitor log files for unusual input patterns, particularly those that involve OGNL expression evaluations. Behavioral anomalies, such as unexpected application crashes or performance degradation, should also trigger alerts.

Network signatures can be developed to identify malicious requests targeting the vulnerable components. Additionally, system changes, particularly in the ExceptionDelegator component, should be closely monitored to detect unauthorized modifications.

AppSecure Threat Intelligence Insight

CVE-2012-0391 represents a significant threat to organizations that utilize Apache Struts. Its long-term significance lies in the lessons learned about the importance of input validation and the potential consequences of neglecting these security measures. Security teams should prioritize proactive measures to safeguard their applications against such vulnerabilities.

The pattern of exploitation seen with CVE-2012-0391 serves as a reminder of the evolving nature of threats in the digital landscape. Organizations must remain vigilant and adaptive in their security strategies to counteract these risks effectively.

To enhance their security posture, organizations may consider engaging in application security assessments and adopting best practices in secure coding to prevent similar vulnerabilities from arising in the future.

Utilizing services such as red teaming can also help in identifying potential weaknesses before they are exploited by malicious actors.

Known Exploitation Timeline

CVE-2012-0391 was added to the KEV catalog on January 21, 2022, highlighting its ongoing relevance and the necessity for organizations to address it promptly.

EPSS Risk Context

The EPSS score for CVE-2012-0391 is 0.883, placing it in the 99.5th percentile of risk. This indicates a high probability of exploitation, reinforcing the need for immediate action to mitigate its potential impact.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2012-0391: Critical Vulnerability in Apache Struts