Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture.

Struts uses Object-Graph Navigation Language (OGNL) to provide extensive expression evaluation capabilities.

Problem

The **DefaultActionMapper** in Struts 2 versions prior to 2.3.15.1 does not properly handle parameters with a crafted **redirect:** prefix. This could allow remote attackers to execute arbitrary OGNL code.

Resolution

Upgrade to Struts 2.3.15.1 or higher.

References

<http://struts.apache.org/development/2.x/docs/s2-016.html>

Limitations

This exploit was tested against Apache Software Foundation Struts 2.3.1.1 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).

This exploit requires that the Struts Action URL be provided.

Platforms

Windows

packetstorm 3

seebug 1

github 1

jvn 1

checkpoint_advisories 2

nessus 5

d2 1

osv 1

openvas 3

prion 1

attackerkb 1

securityvulns 9

zdt 1

saint 3

dsquare 1

canvas 1

cisa_kev 1

nuclei 1

ubuntucve 1

cve 1

f5 5

exploitdb 2

cisco 1

exploitpack 1

kitploit 2

huawei 1

ibm 8

wallarmlab 1

oracle 3

packetstorm

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

2013-07-25 00:00:00

Apache Struts 2 Remote Code Execution

2020-10-20 00:00:00

Struts2 2.3.15 OGNL Injection

2013-08-13 00:00:00

seebug

Apache Struts2 多个前缀参数远程命令执行漏洞(CVE-2013-2251)

2013-07-17 00:00:00

github

Code injection in Apache Struts

2022-05-13 01:14:26

jvn

JVN#33504150: Apache Struts vulnerable to remote command execution

2013-09-06 00:00:00

checkpoint_advisories

Apache Struts Remote Command Execution (CVE-2013-2251)

2013-07-25 00:00:00

Apache Struts Remote Command Execution - Ver2 (CVE-2013-2251)

2015-05-18 00:00:00

nessus

Selligent Message Studio Struts Code Execution (CVE-2013-2251)

2020-11-05 00:00:00

Apache Struts 2 'action:' Parameter Arbitrary Remote Command Execution

2013-07-19 00:00:00

MySQL Enterprise Monitor < 2.3.14 Apache Struts Multiple Vulnerabilities

2015-05-08 00:00:00

DSquare Exploit Pack: D2SEC_STRUTS4

2013-07-20 03:37:00

osv

Code injection in Apache Struts

2022-05-13 01:14:26

openvas

Apache Archiva Multiple Remote Command Execution Vulnerabilities

2014-01-15 00:00:00

Apache Struts2 Redirection and Security Bypass Vulnerabilities

2013-07-24 00:00:00

Apache Struts2 Redirection and Security Bypass Vulnerabilities

2013-07-24 00:00:00

prion

Code injection

2013-07-20 03:37:00

attackerkb

CVE-2013-2251

2013-07-20 00:00:00

securityvulns

[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution

2014-06-14 00:00:00

[SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution

2014-05-04 00:00:00

Struts2 Prefixed Parameters OGNL Injection Vulnerability

2013-09-09 00:00:00

zdt

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

2013-07-26 00:00:00

saint

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

2013-08-01 00:00:00

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

2013-08-01 00:00:00

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

2013-08-01 00:00:00

dsquare

Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux

2013-10-20 00:00:00

canvas

Immunity Canvas: STRUTS2_DEFAULT_ACTION_MAPPER

2013-07-20 03:37:00

cisa_kev

Apache Struts Improper Input Validation Vulnerability

2022-03-25 00:00:00

nuclei

Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution

2020-10-13 22:06:01

ubuntucve

CVE-2013-2251

2013-07-20 00:00:00

cve

CVE-2013-2251

2013-07-20 03:37:00

K14933 : Apache Struts vulnerability CVE-2013-2251

2014-05-16 00:00:00

SOL15260 - Apache Struts vulnerability CVE-2014-0094

2014-05-15 00:00:00

SOL14933 - Apache Struts vulnerability CVE-2013-2251

2014-01-20 00:00:00

exploitdb

Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution

2020-10-20 00:00:00

Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection

2014-01-14 00:00:00

cisco

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

2013-10-23 16:00:00

exploitpack

Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection

2014-01-14 00:00:00

kitploit

Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts

2018-08-26 21:14:00

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

huawei

Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products

2013-07-30 00:00:00

ibm

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)

2022-09-26 22:21:32

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)

2023-03-29 01:48:02

Security Bulletin: IBM Platform Symphony (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310)

2018-06-18 01:24:24

wallarmlab

New Struts2 Remote Code Execution exploit caught in the wild

2017-03-09 00:15:54

oracle

Oracle Critical Patch Update - October 2013

2013-10-15 00:00:00

Oracle Critical Patch Update - January 2014

2014-01-14 00:00:00

Oracle Critical Patch Update Advisory - July 2015

2015-07-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.974 High

EPSS

Percentile

99.9%

JSON

Related for SAINT:2FE5CCE51B64707F8D205A80240A6467