.. / CVE-2010-1870

Exploit for ListSERV Maestro <= 9.0-8 RCE (CVE-2010-1870)

Description:

A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8.

Nuclei Template

View the template here CVE-2010-1870.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2010/CVE-2010-1870.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2010-1870
http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
https://www.securifera.com/advisories/sec-2020-0001/
https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt
https://www.exploit-db.com/exploits/14360
http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16