CyberSec.Space Logo
CVEブラウザに戻る

CVE-2013-2251

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score53.3690%
EPSS Percentile90.64th
Published2013年7月20日
Last Modified2026年4月22日

Vulnerability Description

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

Affected Platforms (CPE)

📦
Apache

Archiva

>= 1.3 and < 1.3.8
📦
Apache

Archiva

= 1.2
📦
Apache

Archiva

= 1.2.2
📦
Apache

Struts

>= 2.0.0 and <= 2.3.15
📦
Fujitsu

Interstage Business Process Manager Analytics

= 12.0
📦
Fujitsu

Interstage Business Process Manager Analytics

= 12.1
📦
Oracle

Siebel Apps E Billing

= 6.1
📦
Oracle

Siebel Apps E Billing

= 6.1.1
📦
Oracle

Siebel Apps E Billing

= 6.2

References & Advisories

🔗 http://archiva.apache.org/security.html
🔗 http://cxsecurity.com/issue/WLB-2014010087
🔗 http://osvdb.org/98445
🔗 http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html
🔗 http://seclists.org/fulldisclosure/2013/Oct/96
🔗 http://seclists.org/oss-sec/2014/q1/89
🔗 http://struts.apache.org/release/2.3.x/docs/s2-016.html
🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2

関連する脆弱性情報

CVE-2016-50039.8

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via...

CVE-2016-44698.8

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack th...

CVE-2017-56578.0

Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious ...

CVE-2016-50027.8

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows rem...