Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. (CVE-2013-2251)

Impact

None

CPENameOperatorVersion
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip analyticseq11.0.0
big-ip analyticseq11.1.0
big-ip analyticseq11.2.0
big-ip analyticseq11.2.1
big-ip analyticseq11.3.0

Name	Operator	Version
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip analytics	eq	11.0.0
big-ip analytics	eq	11.1.0
big-ip analytics	eq	11.2.0
big-ip analytics	eq	11.2.1
big-ip analytics	eq	11.3.0

Rows per page:

1-10 of 1841

packetstorm 3

seebug 1

github 1

jvn 1

prion 1

attackerkb 1

securityvulns 9

openvas 4

checkpoint_advisories 2

d2 1

nessus 5

osv 1

saint 4

dsquare 1

canvas 1

zdt 1

ubuntucve 1

cisa_kev 1

nuclei 1

cve 1

cisco 1

exploitpack 1

exploitdb 1

kitploit 2

f5 4

huawei 1

ibm 8

wallarmlab 1

oracle 3

packetstorm

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

2013-07-25 00:00:00

Apache Struts 2 Remote Code Execution

2020-10-20 00:00:00

Struts2 2.3.15 OGNL Injection

2013-08-13 00:00:00

seebug

Apache Struts2 多个前缀参数远程命令执行漏洞(CVE-2013-2251)

2013-07-17 00:00:00

github

Code injection in Apache Struts

2022-05-13 01:14:26

jvn

JVN#33504150: Apache Struts vulnerable to remote command execution

2013-09-06 00:00:00

prion

Code injection

2013-07-20 03:37:00

attackerkb

CVE-2013-2251

2013-07-20 00:00:00

securityvulns

[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution

2014-06-14 00:00:00

[SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution

2014-05-04 00:00:00

Struts2 Prefixed Parameters OGNL Injection Vulnerability

2013-09-09 00:00:00

openvas

Apache Archiva Multiple Remote Command Execution Vulnerabilities

2014-01-15 00:00:00

Apache Struts2 Redirection and Security Bypass Vulnerabilities

2013-07-24 00:00:00

Apache Struts Security Update (S2-016, S2-017) - Active Check

2013-07-24 00:00:00

checkpoint_advisories

Apache Struts Remote Command Execution (CVE-2013-2251)

2013-07-25 00:00:00

Apache Struts Remote Command Execution - Ver2 (CVE-2013-2251)

2015-05-18 00:00:00

DSquare Exploit Pack: D2SEC_STRUTS4

2013-07-20 03:37:00

nessus

Apache Struts 2 'action:' Parameter Arbitrary Remote Command Execution

2013-07-19 00:00:00

Selligent Message Studio Struts Code Execution (CVE-2013-2251)

2020-11-05 00:00:00

MySQL Enterprise Monitor < 2.3.14 Apache Struts Multiple Vulnerabilities

2015-05-08 00:00:00

osv

Code injection in Apache Struts

2022-05-13 01:14:26

saint

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

2013-08-01 00:00:00

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

2013-08-01 00:00:00

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

2013-08-01 00:00:00

dsquare

Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux

2013-10-20 00:00:00

canvas

Immunity Canvas: STRUTS2_DEFAULT_ACTION_MAPPER

2013-07-20 03:37:00

zdt

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

2013-07-26 00:00:00

ubuntucve

CVE-2013-2251

2013-07-20 00:00:00

cisa_kev

Apache Struts Improper Input Validation Vulnerability

2022-03-25 00:00:00

nuclei

Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution

2020-10-13 22:06:01

cve

CVE-2013-2251

2013-07-20 03:37:00

cisco

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

2013-10-23 16:00:00

exploitpack

Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection

2014-01-14 00:00:00

exploitdb

Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection

2014-01-14 00:00:00

kitploit

Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts

2018-08-26 21:14:00

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

SOL15262 - Apache Struts vulnerability CVE-2014-0113

2014-05-15 00:00:00

SOL15260 - Apache Struts vulnerability CVE-2014-0094

2014-05-15 00:00:00

SOL14933 - Apache Struts vulnerability CVE-2013-2251

2014-01-20 00:00:00

huawei

Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products

2013-07-30 00:00:00

ibm

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)

2022-09-26 22:21:32

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)

2023-03-29 01:48:02

Security Bulletin: IBM Platform Symphony (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310)

2018-06-18 01:24:24

wallarmlab

New Struts2 Remote Code Execution exploit caught in the wild

2017-03-09 00:15:54

oracle

Oracle Critical Patch Update - October 2013

2013-10-15 00:00:00

Oracle Critical Patch Update - January 2014

2014-01-14 00:00:00

Oracle Critical Patch Update Advisory - July 2015

2015-07-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Related for F5:K14933