Lucene search

[email protected]NVD:CVE-2013-2134

HistoryJul 16, 2013 - 6:55 p.m.

CVE-2013-2134

2013-07-1618:55:01

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.962

Percentile

99.6%

JSON

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

Affected configurations

Nvd

Node

apachestrutsRange2.0.0–2.3.14.3

VendorProductVersionCPE
apachestruts*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	struts	*	cpe:2.3:a:apache:struts::::::::

References

security.gentoo.org/glsa/glsa-201409-04.xml

struts.apache.org/development/2.x/docs/s2-015.html

www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

www.securityfocus.com/bid/60346

www.securityfocus.com/bid/64758

cwiki.apache.org/confluence/display/WW/S2-015

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.962

Percentile

99.6%

JSON

Related for NVD:CVE-2013-2134

prion2 cvelist2 cve2 nessus3 ubuntucve2 osv2 github2 openvas2 f51 exploitdb1 checkpoint_advisories1 nvd1 seebug1 huawei1 ibm9 wallarmlab1 gentoo1 kitploit1 oracle2