Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
History
27 Nov 2024, 16:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:* |
21 Nov 2024, 01:51
Type | Values Removed | Values Added |
---|---|---|
References | () http://archiva.apache.org/security.html - Product | |
References | () http://cxsecurity.com/issue/WLB-2014010087 - Exploit, Third Party Advisory | |
References | () http://osvdb.org/98445 - Broken Link | |
References | () http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2013/Oct/96 - Exploit, Mailing List, Third Party Advisory | |
References | () http://seclists.org/oss-sec/2014/q1/89 - Mailing List, Third Party Advisory | |
References | () http://struts.apache.org/release/2.3.x/docs/s2-016.html - Patch | |
References | () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 - Third Party Advisory | |
References | () http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html - Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html - Patch, Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html - Patch, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/61189 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/64758 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1029184 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1032916 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/90392 - Third Party Advisory, VDB Entry |
16 Jul 2024, 17:57
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 | |
CVSS | v2 : v3 : | v2 : 9.3 v3 : 9.8 |
CPE | cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:* |
cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.1:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:gp5000:-:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:primergy:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1.1:*:*:*:*:*:*:* cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.0:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:primepower_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:gp5000_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:gp7000f:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:primergy_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:sparc:-:*:*:*:*:*:*:* cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.2:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:sparc_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:gp-s:-:*:*:*:*:*:*:* cpe:2.3:a:apache:archiva:1.2:-:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:gp7000f_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:solaris:11:*:*:*:*:*:*:* cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:* cpe:2.3:h:fujitsu:primepower:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:gp-s_firmware:-:*:*:*:*:*:*:* |
First Time | Fujitsu primergy Firmware, Oracle, Fujitsu sparc Firmware, Fujitsu gp5000, Microsoft windows Server 2003, Fujitsu primepower, Fujitsu gp7000f, Fujitsu, Redhat, Oracle siebel Apps - E-billing, Fujitsu primergy, Microsoft, Fujitsu gp-s Firmware, Redhat enterprise Linux, Microsoft windows Server 2008, Fujitsu sparc, Apache archiva, Fujitsu interstage Business Process Manager Analytics, Fujitsu gp7000f Firmware, Microsoft windows Server 2012, Fujitsu gp-s, Fujitsu gp5000 Firmware, Oracle solaris, Fujitsu primepower Firmware | |
References | () http://archiva.apache.org/security.html - Product | |
References | () http://cxsecurity.com/issue/WLB-2014010087 - Exploit, Third Party Advisory | |
References | () http://osvdb.org/98445 - Broken Link | |
References | () http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2013/Oct/96 - Exploit, Mailing List, Third Party Advisory | |
References | () http://seclists.org/oss-sec/2014/q1/89 - Mailing List, Third Party Advisory | |
References | () http://struts.apache.org/release/2.3.x/docs/s2-016.html - Patch | |
References | () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 - Third Party Advisory | |
References | () http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html - Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html - Patch, Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html - Patch, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/61189 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/64758 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1029184 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1032916 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/90392 - Third Party Advisory, VDB Entry |
Information
Published : 2013-07-20 03:37
Updated : 2024-11-27 16:07
NVD link : CVE-2013-2251
Mitre link : CVE-2013-2251
CVE.ORG link : CVE-2013-2251
Products Affected
fujitsu
- gp-s_firmware
- primergy
- primergy_firmware
- sparc_firmware
- gp-s
- interstage_business_process_manager_analytics
- gp5000_firmware
- gp5000
- gp7000f_firmware
- sparc
- primepower
- gp7000f
- primepower_firmware
apache
- struts
- archiva
microsoft
- windows_server_2012
- windows_server_2003
- windows_server_2008
oracle
- solaris
- siebel_apps_-_e-billing
redhat
- enterprise_linux
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')