CVE-2013-4212

medium Apache
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
87.0%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: December 7, 2013 (4541 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."

CWE

CWE-94

Affected Products

apache roller

References

🔗 rollerweblogger.org 🔗 secunia.com 🔗 secunia.com 🔗 security.coverity.com 🔗 www.exploit-db.com