Vulnerability CVE-2013-4310


Published: 2013-09-30   Modified: 2014-01-27

Description:
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Apache
Product: Struts 
Version:
2.3.8
2.3.7
2.3.4.1
2.3.4
2.3.3
2.3.15.1
2.3.15
2.3.14.3
2.3.14.2
2.3.14.1
2.3.14
2.3.12
2.3.1.2
2.3.1.1
2.3.1
2.2.3.1
2.2.3
2.2.1.1
2.2.1
2.1.8.1
2.1.8
2.1.6
2.1.5
2.1.4
2.1.3
2.1.2
2.1.1
2.1.0
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.14
2.0.13
2.0.12
2.0.11.2
2.0.11.1
2.0.11
2.0.10
2.0.1
2.0.0

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://struts.apache.org/release/2.3.x/docs/s2-018.html
http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
http://www.securitytracker.com/id/1029077
http://www.securityfocus.com/bid/64758
http://secunia.com/advisories/56492
http://secunia.com/advisories/56483
http://secunia.com/advisories/54919
http://archives.neohapsis.com/archives/bugtraq/2013-10/0083.html

Related CVE
CVE-2017-5655
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.
CVE-2017-5654
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
CVE-2016-6799
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default...
CVE-2016-4467
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certifica...
CVE-2017-3161
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
CVE-2017-3162
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.
CVE-2017-5653
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
CVE-2017-5656
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for anoth...

Copyright 2017, cxsecurity.com