Vulnerability CVE-2013-2251


Published: 2013-07-19   Modified: 2017-09-21

Description:
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

See advisories in our WLB2 database:
Topic
Author
Date
High
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
Juan vazquez
27.07.2013
Med.
Apache Struts2 2.3.15 OGNL Injection
Takeshi Terada
14.08.2013
High
Apache Archiva 1.3.6 => Remote Command Execution 0day
Kacper
14.01.2014
High
Struts 2 DefaultActionMapper RCE Exploit S2-016 [Python]
Jonatas Fil
05.07.2017

Vendor: Apache
Product: Struts 
Version:
2.3.8
2.3.7
2.3.4.1
2.3.4
2.3.3
2.3.15
2.3.14.3
2.3.14.2
2.3.14.1
2.3.14
2.3.12
2.3.1.2
2.3.1.1
2.3.1
2.2.3.1
2.2.3
2.2.1.1
2.2.1
2.1.8.1
2.1.8
2.1.6
2.1.5
2.1.4
2.1.3
2.1.2
2.1.1
2.1.0
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.14
2.0.13
2.0.12
2.0.11.2
2.0.11.1
2.0.11
2.0.10
2.0.1
2.0.0

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://archiva.apache.org/security.html
http://cxsecurity.com/issue/WLB-2014010087
http://seclists.org/fulldisclosure/2013/Oct/96
http://seclists.org/oss-sec/2014/q1/89
http://struts.apache.org/release/2.3.x/docs/s2-016.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/61189
http://www.securityfocus.com/bid/64758
http://www.securitytracker.com/id/1029184
http://www.securitytracker.com/id/1032916
https://exchange.xforce.ibmcloud.com/vulnerabilities/90392

Related CVE
CVE-2017-9797
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In a...
CVE-2014-0043
In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerabilit...
CVE-2017-9794
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurren...
CVE-2016-4434
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF ...
CVE-2017-9790
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always sta...
CVE-2017-7687
When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A mal...
CVE-2017-12621
During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said...
CVE-2015-5183
The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.

Copyright 2017, cxsecurity.com

 

Back to Top