2549 matches found
Design/Logic Flaw
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix...
Default configuration
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...
CVE-2013-4316
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...
CVE-2013-4310
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix...
EUVD-2022-4896
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix...
CVE-2013-4316
CVE-2013-4316 affects Apache Struts 2.0.0–2.3.15.1, where Dynamic Method Invocation is enabled by default, enabling remote code execution via crafted requests carrying OGNL parameters. The IBM and related advisories confirm this vulnerability and reference the same CVE, describing the impact as remote cod...
CVE-2013-4310
CVE-2013-4310 is an Apache Struts 2 vulnerability (prefix action: bypass) with a CVSS v2 base score 5.8 (network, low complexity). IBM security bullets tie this to IBM SAN Volume Controller, Storwize family, Storwize V7000, V5000, V3700, V3500 (Lenovo) and related IBM Flex System components. In I...
CVE-2013-4310
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix...
Apache Struts 2 'action:' Parameter Prefix Security Constraint Bypass
The remote web application appears to use Struts 2, a web framework used for creating Java web applications. The version of Struts 2 in use is affected by a security constraint bypass vulnerability due to a flaw in the action mapping mechanism. Under certain unspecified conditions, an attacker...
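Apache Struts Remote Code Execution Vulnerability (CVE-2013-4316)
BUGTRAQ ID: 62587 CVE(CAN) ID: CVE-2013-4316 Struts2 is a second-generation Java enterprise web application framework based on the Model-View-Controller (MVC) model. In Apache Struts versions before 2.3.15.2, the "Dynamic Method Invocation" mechanism is enabled by default, and users are only advised to turn it off where possible. This results in a remote code execution vulnerability that a remote attacker can exploit to execute arbitrary code in the context of the affected application. 0 Apache Group Struts 2.3.15.2 Vendor patch: Apache Group ------------ Apache...
Apache Struts Security Bypass Vulnerability
BUGTRAQ ID: 62584 CVE(CAN) ID: CVE-2013-4310 Struts2 is a second-generation Java enterprise web application framework based on the Model-View-Controller (MVC) model. The action mapping mechanism in Apache Struts 2.0.0-2.3.15.1 supports special parameter prefixes, which may attach navigation information at the bottom of forms. A security bypass vulnerability exists when mapping the "action:" prefix, which can be exploited to bypass certain security restrictions and access restricted functionality. 0 Apache Group Struts 2.3.15.2 Vendor patch: Apache Group ------------ Apache...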
Apache Upgrade Repairs Struts, Fixes Two Vulnerabilities
Developers behind the Apache Struts framework have released an update that fixes two vulnerabilities. Creators of the open-source web application framework are encouraging users to upgrade to Struts 2.3.15.2 immediately. One of the fixes addresses an issue (CVE-2013-4316) in the Dynamic Method...
Struts2 Prefixed Parameters Open Redirect Vulnerability
CVE Number: CVE-2013-2248 Title: Struts2 Prefixed Parameters Open Redirect Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vendor: S2-017...
Struts2 Prefixed Parameters OGNL Injection Vulnerability
CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vendor: S2-016...
Apache Struts vulnerable to remote command execution
Overview Apache Struts contains a remote command execution vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability. This issue is the same issue that the...
JVN#33504150: Apache Struts vulnerable to remote command execution
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability. This issue is the same issue that the developer published as S2-016 on July 16, 2013. Note that attacks leveraging...
Apache Struts Wildcard Matching OGNL Code Execution (CVE-2013-2134)
A code execution vulnerability exists in Apache Struts OGNL...
Struts2 2.3.15 OGNL Injection
CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vendor: S2-016...
Apache Struts 2 ExceptionDelegator Arbitrary Remote Command Execution
The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. Due to an error in the way that the ExceptionDelegator component handles mismatched data types, an unauthenticated, remote attacker can execute...
Apache Struts Open Redirect Arbitrary Website Redirection (CVE-2013-2248)
An open redirect vulnerability has been reported in Apache Struts...