Vulnerability Details : CVE-2013-2251
Public exploit exists!
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Vulnerability category: Input validation
CVE-2013-2251 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Apache Struts Improper Input Validation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
Added on
2022-03-25
Action due date
2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2013-2251
Probability of exploitation activity in the next 30 days: 97.42%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2013-2251
-
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
Disclosure Date: 2013-07-02First seen: 2020-04-26exploit/multi/http/struts_default_action_mapperThe Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navig
CVSS scores for CVE-2013-2251
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2013-2251
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2251
-
http://www.securitytracker.com/id/1029184
MySQL Multiple Bugs Let Remote Authenticated Users Execute Arbitrary Code, Deny Service, and Partially Access and Modify Data - SecurityTracker
-
http://seclists.org/oss-sec/2014/q1/89
oss-sec: Re: CVE Request: Apache Archiva Remote Command Execution 0day
-
http://archiva.apache.org/security.html
Archiva – Security Vulnerabilities
-
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Oracle Critical Patch Update - January 2014
-
http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html
Apache Struts 2 Remote Code Execution ≈ Packet Storm
-
http://www.securityfocus.com/bid/64758
RETIRED: Oracle January 2014 Critical Patch Update Multiple Vulnerabilities
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90392
Apache Archiva OGNL command execution undefined Vulnerability Report
-
http://www.securitytracker.com/id/1032916
Oracle Siebel Enterprise Flaws Let Remote Users Partially Access and Modify Data and Gain Elevated Privileges - SecurityTracker
-
http://struts.apache.org/release/2.3.x/docs/s2-016.html
S2-016 - DEPRECATED: Apache Struts 2 Documentation - Apache Software FoundationPatch;Vendor Advisory
-
http://cxsecurity.com/issue/WLB-2014010087
Apache Archiva 1.3.6 => Remote Command Execution 0day - CXSecurity.com
-
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Oracle Critical Patch Update - July 2015Patch;Vendor Advisory
-
http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
This page provides Security Information. - Fujitsu Global
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
-
http://www.securityfocus.com/bid/61189
Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
-
http://seclists.org/fulldisclosure/2013/Oct/96
Full Disclosure: Apache Software Foundation A Subsite Remote command execution
Products affected by CVE-2013-2251
- cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*