CyberSec.Space Logo
Back to CVE Browser

CVE-2013-4316

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0950%
EPSS Percentile25.97th
PublishedSep 30, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

Affected Platforms (CPE)

πŸ“¦
Apache

Struts

= 2.0.0
πŸ“¦
Apache

Struts

= 2.0.1
πŸ“¦
Apache

Struts

= 2.0.2
πŸ“¦
Apache

Struts

= 2.0.3
πŸ“¦
Apache

Struts

= 2.0.4
πŸ“¦
Apache

Struts

= 2.0.5
πŸ“¦
Apache

Struts

= 2.0.6
πŸ“¦
Apache

Struts

= 2.0.7
πŸ“¦
Apache

Struts

= 2.0.8
πŸ“¦
Apache

Struts

= 2.0.9
πŸ“¦
Apache

Struts

= 2.0.10
πŸ“¦
Apache

Struts

= 2.0.11
πŸ“¦
Apache

Struts

= 2.0.11.1
πŸ“¦
Apache

Struts

= 2.0.11.2
πŸ“¦
Apache

Struts

= 2.0.12
πŸ“¦
Apache

Struts

= 2.0.13
πŸ“¦
Apache

Struts

= 2.0.14
πŸ“¦
Apache

Struts

= 2.1.0
πŸ“¦
Apache

Struts

= 2.1.1
πŸ“¦
Apache

Struts

= 2.1.2
πŸ“¦
Apache

Struts

= 2.1.3
πŸ“¦
Apache

Struts

= 2.1.4
πŸ“¦
Apache

Struts

= 2.1.5
πŸ“¦
Apache

Struts

= 2.1.6
πŸ“¦
Apache

Struts

= 2.1.8
πŸ“¦
Apache

Struts

= 2.1.8.1
πŸ“¦
Apache

Struts

= 2.2.1
πŸ“¦
Apache

Struts

= 2.2.1.1
πŸ“¦
Apache

Struts

= 2.2.3
πŸ“¦
Apache

Struts

= 2.2.3.1
πŸ“¦
Apache

Struts

= 2.3.1
πŸ“¦
Apache

Struts

= 2.3.1.1
πŸ“¦
Apache

Struts

= 2.3.1.2
πŸ“¦
Apache

Struts

= 2.3.3
πŸ“¦
Apache

Struts

= 2.3.4
πŸ“¦
Apache

Struts

= 2.3.4.1
πŸ“¦
Apache

Struts

= 2.3.7
πŸ“¦
Apache

Struts

= 2.3.8
πŸ“¦
Apache

Struts

= 2.3.12
πŸ“¦
Apache

Struts

= 2.3.14
πŸ“¦
Apache

Struts

= 2.3.14.1
πŸ“¦
Apache

Struts

= 2.3.14.2
πŸ“¦
Apache

Struts

= 2.3.14.3
πŸ“¦
Apache

Struts

= 2.3.15
πŸ“¦
Apache

Struts

= 2.3.15.1
πŸ“¦
Oracle

Flexcube Private Banking

= 1.7
πŸ“¦
Oracle

Flexcube Private Banking

= 2.0
πŸ“¦
Oracle

Flexcube Private Banking

= 2.0.1
πŸ“¦
Oracle

Flexcube Private Banking

= 2.2.0.1
πŸ“¦
Oracle

Flexcube Private Banking

= 3.0
πŸ“¦
Oracle

Flexcube Private Banking

= 12.0.1
πŸ“¦
Oracle

Flexcube Private Banking

= 12.0.2
πŸ“¦
Oracle

Mysql Enterprise Monitor

<= 2.3.14
πŸ“¦
Oracle

Mysql Enterprise Monitor

<= 3.0.4
πŸ“¦
Oracle

Webcenter Sites

= 11.1.1.6.1
πŸ“¦
Oracle

Webcenter Sites

= 11.1.1.8.0

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
πŸ”— http://struts.apache.org/release/2.3.x/docs/s2-019.html
πŸ”— http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
πŸ”— http://www.securityfocus.com/bid/64758
πŸ”— http://www.securitytracker.com/id/1029078
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
πŸ”— http://struts.apache.org/release/2.3.x/docs/s2-019.html
πŸ”— http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Related Vulnerabilities

CVE-2012-083810.0

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows re...

CVE-2020-175309.8

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software :...

CVE-2021-440779.8

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulner...

CVE-2019-02309.8

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remot...