CrowdSec
CrowdSec Score: 6/10

Apache Struts2 - RCE (CVE-2012-0392)

Published on: 08-01-2012
First seen on: 01-01-1970

Exploiting IPs reported: 0

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.

CrowdSec analysis

CVE-2012-0392 is a vulnerability in Apache Struts, where the CookieInterceptor component can allow remote attackers to execute arbitrary commands due to inadequate parameter filtering, leading to potential Java code execution. This vulnerability has a CVSS score of 6.8 and has been tracked by the CrowdSec network since 10 March 2025. Recent exploitation shows a noticeable increase in activity, though attacks generally appear opportunistic and not highly targeted. The vulnerability is being leveraged through carefully crafted requests, mainly targeting URLs containing /devmode.action alongside parameters that enable debug command execution.
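The request pattern described in the analysis above can be checked against web access logs. The following is an added example, not CrowdSec's detection rule: it assumes combined-format access logs and assumes that "parameters that enable debug command execution" refers to the Struts devMode `debug=command` query parameter; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Source IP and request target from a combined-log-format line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def is_devmode_debug_probe(target: str) -> bool:
    """True when the target is */devmode.action carrying debug=command."""
    parts = urlsplit(target)
    # Percent-decode the path, keep the last segment, and drop any
    # ";jsessionid=..." path parameter. Matching is case-insensitive so
    # that detection errs on the side of flagging.
    last = unquote(parts.path).rsplit("/", 1)[-1].split(";", 1)[0].lower()
    if last != "devmode.action":
        return False
    # parse_qsl percent-decodes names and values, so encoded spellings
    # such as %64ebug=%63ommand are normalised before comparison.
    params = parse_qsl(parts.query, keep_blank_values=True)
    return any(k.lower() == "debug" and v.lower() == "command"
               for k, v in params)

def flag_sources(log_lines):
    """Return {source_ip: hit_count} for lines matching the probe pattern."""
    hits = {}
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if m and is_devmode_debug_probe(m.group("target")):
            hits[m.group("ip")] = hits.get(m.group("ip"), 0) + 1
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:08:00:01 +0000] "GET /devmode.action?debug=command HTTP/1.1" 404 153',
    '203.0.113.7 - - [10/Mar/2025:08:00:02 +0000] "GET /app/DevMode.action;jsessionid=ABC?%64ebug=%63ommand HTTP/1.1" 404 153',
    '198.51.100.20 - - [10/Mar/2025:08:01:10 +0000] "GET /devmode.action?debug=xml HTTP/1.1" 404 153',
    '192.0.2.44 - - [10/Mar/2025:08:02:30 +0000] "GET /index.action?debug=command HTTP/1.1" 200 5120',
    '198.51.100.20 - - [10/Mar/2025:08:03:00 +0000] "POST /login.action HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, count in flag_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} devmode debug-command request(s)")
```

A 404 on these requests still marks the source as scanning; a 200 on a production host indicates devMode is reachable and should be disabled.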

Blocklist

With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.

To increase your protection against this CVE, block exploitation attempts with this list of identified actors.