Lucene search

Ubuntu.comUB:CVE-2013-6348

HistoryNov 02, 2013 - 12:00 a.m.

CVE-2013-6348

2013-11-0200:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts
2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via
the namespace parameter to (1) actionNames.action and (2) showConfig.action
in config-browser/.

Notes

Author	Note
jdstrand	per Debian, only affects Struts 2.0.0 - Struts 2.3.15.3

References

en.wooyun.org/bugs/wooyun-2013-034?2592

osvdb.org/99047

osvdb.org/99048

packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2013/Oct/244

issues.apache.org/jira/browse/WW-4213

launchpad.net/bugs/cve/CVE-2013-6348

nvd.nist.gov/vuln/detail/CVE-2013-6348

security-tracker.debian.org/tracker/CVE-2013-6348

www.cve.org/CVERecord?id=CVE-2013-6348

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for UB:CVE-2013-6348