CyberSec.Space Logo
Back to CVE Browser

CVE-2013-2251

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score53.3690%
EPSS Percentile90.64th
PublishedJul 20, 2013
Last ModifiedApr 22, 2026

Vulnerability Description

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

Affected Platforms (CPE)

πŸ“¦
Apache

Archiva

>= 1.3 and < 1.3.8
πŸ“¦
Apache

Archiva

= 1.2
πŸ“¦
Apache

Archiva

= 1.2.2
πŸ“¦
Apache

Struts

>= 2.0.0 and <= 2.3.15
πŸ“¦
Fujitsu

Interstage Business Process Manager Analytics

= 12.0
πŸ“¦
Fujitsu

Interstage Business Process Manager Analytics

= 12.1
πŸ“¦
Oracle

Siebel Apps E Billing

= 6.1
πŸ“¦
Oracle

Siebel Apps E Billing

= 6.1.1
πŸ“¦
Oracle

Siebel Apps E Billing

= 6.2

References & Advisories

πŸ”— http://archiva.apache.org/security.html
πŸ”— http://cxsecurity.com/issue/WLB-2014010087
πŸ”— http://osvdb.org/98445
πŸ”— http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html
πŸ”— http://seclists.org/fulldisclosure/2013/Oct/96
πŸ”— http://seclists.org/oss-sec/2014/q1/89
πŸ”— http://struts.apache.org/release/2.3.x/docs/s2-016.html
πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2

Related Vulnerabilities

CVE-2016-50039.8

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via...

CVE-2016-44698.8

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack th...

CVE-2017-56578.0

Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious ...

CVE-2016-50027.8

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows rem...