CVE-2013-4212 Information
Feb 14, 2021
Description
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
Reference
http://rollerweblogger.org/project/entry/apache_roller_5_0_2
http://secunia.com/advisories/55862
http://secunia.com/advisories/55877
http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
http://www.exploit-db.com/exploits/29859
http://www.osvdb.org/100342
https://exchange.xforce.ibmcloud.com/vulnerabilities/89239