Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
History
27 Nov 2024, 16:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:* |
21 Nov 2024, 01:51
Type | Values Removed | Values Added |
---|---|---|
References | () http://archiva.apache.org/security.html - Product | |
References | () http://cxsecurity.com/issue/WLB-2014010087 - Exploit, Third Party Advisory | |
References | () http://osvdb.org/98445 - Broken Link | |
References | () http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2013/Oct/96 - Exploit, Mailing List, Third Party Advisory | |
References | () http://seclists.org/oss-sec/2014/q1/89 - Mailing List, Third Party Advisory | |
References | () http://struts.apache.org/release/2.3.x/docs/s2-016.html - Patch | |
References | () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 - Third Party Advisory | |
References | () http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html - Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html - Patch, Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html - Patch, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/61189 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/64758 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1029184 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1032916 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/90392 - Third Party Advisory, VDB Entry |
16 Jul 2024, 17:57
Type | Values Removed | Values Added |
---|---|---|
First Time | Fujitsu primepower; Oracle; Redhat; Microsoft windows Server 2012; Fujitsu primepower Firmware; Fujitsu gp-s; Oracle siebel Apps - E-billing; Microsoft; Oracle solaris; Fujitsu gp7000f; Fujitsu sparc; Fujitsu gp-s Firmware; Fujitsu sparc Firmware; Fujitsu primergy; Fujitsu primergy Firmware; Fujitsu gp5000; Microsoft windows Server 2003; Fujitsu; Fujitsu gp7000f Firmware; Redhat enterprise Linux; Fujitsu interstage Business Process Manager Analytics; Microsoft windows Server 2008; Apache archiva; Fujitsu gp5000 Firmware | |
CVSS | v2 : v3 : | v2 : 9.3, v3 : 9.8 |
CWE | CWE-74 |
Information
Published : 2013-07-20 03:37
Updated : 2025-04-11 00:51
NVD link : CVE-2013-2251
Mitre link : CVE-2013-2251
CVE.ORG link : CVE-2013-2251
Products Affected
fujitsu
- primergy_firmware
- sparc_firmware
- gp5000
- gp-s
- primepower
- gp7000f
- primepower_firmware
- primergy
- sparc
- gp7000f_firmware
- gp5000_firmware
- gp-s_firmware
- interstage_business_process_manager_analytics
microsoft
- windows_server_2012
- windows_server_2003
- windows_server_2008
apache
- archiva
- struts
redhat
- enterprise_linux
oracle
- solaris
- siebel_apps_-_e-billing
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')