CyberSec.Space Logo
CVEブラウザに戻る

CVE-2013-4316

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0950%
EPSS Percentile25.97th
Published2013年9月30日
Last Modified2026年4月29日

Vulnerability Description

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

Affected Platforms (CPE)

📦
Apache

Struts

= 2.0.0
📦
Apache

Struts

= 2.0.1
📦
Apache

Struts

= 2.0.2
📦
Apache

Struts

= 2.0.3
📦
Apache

Struts

= 2.0.4
📦
Apache

Struts

= 2.0.5
📦
Apache

Struts

= 2.0.6
📦
Apache

Struts

= 2.0.7
📦
Apache

Struts

= 2.0.8
📦
Apache

Struts

= 2.0.9
📦
Apache

Struts

= 2.0.10
📦
Apache

Struts

= 2.0.11
📦
Apache

Struts

= 2.0.11.1
📦
Apache

Struts

= 2.0.11.2
📦
Apache

Struts

= 2.0.12
📦
Apache

Struts

= 2.0.13
📦
Apache

Struts

= 2.0.14
📦
Apache

Struts

= 2.1.0
📦
Apache

Struts

= 2.1.1
📦
Apache

Struts

= 2.1.2
📦
Apache

Struts

= 2.1.3
📦
Apache

Struts

= 2.1.4
📦
Apache

Struts

= 2.1.5
📦
Apache

Struts

= 2.1.6
📦
Apache

Struts

= 2.1.8
📦
Apache

Struts

= 2.1.8.1
📦
Apache

Struts

= 2.2.1
📦
Apache

Struts

= 2.2.1.1
📦
Apache

Struts

= 2.2.3
📦
Apache

Struts

= 2.2.3.1
📦
Apache

Struts

= 2.3.1
📦
Apache

Struts

= 2.3.1.1
📦
Apache

Struts

= 2.3.1.2
📦
Apache

Struts

= 2.3.3
📦
Apache

Struts

= 2.3.4
📦
Apache

Struts

= 2.3.4.1
📦
Apache

Struts

= 2.3.7
📦
Apache

Struts

= 2.3.8
📦
Apache

Struts

= 2.3.12
📦
Apache

Struts

= 2.3.14
📦
Apache

Struts

= 2.3.14.1
📦
Apache

Struts

= 2.3.14.2
📦
Apache

Struts

= 2.3.14.3
📦
Apache

Struts

= 2.3.15
📦
Apache

Struts

= 2.3.15.1
📦
Oracle

Flexcube Private Banking

= 1.7
📦
Oracle

Flexcube Private Banking

= 2.0
📦
Oracle

Flexcube Private Banking

= 2.0.1
📦
Oracle

Flexcube Private Banking

= 2.2.0.1
📦
Oracle

Flexcube Private Banking

= 3.0
📦
Oracle

Flexcube Private Banking

= 12.0.1
📦
Oracle

Flexcube Private Banking

= 12.0.2
📦
Oracle

Mysql Enterprise Monitor

<= 2.3.14
📦
Oracle

Mysql Enterprise Monitor

<= 3.0.4
📦
Oracle

Webcenter Sites

= 11.1.1.6.1
📦
Oracle

Webcenter Sites

= 11.1.1.8.0

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
🔗 http://struts.apache.org/release/2.3.x/docs/s2-019.html
🔗 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
🔗 http://www.securityfocus.com/bid/64758
🔗 http://www.securitytracker.com/id/1029078
🔗 http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
🔗 http://struts.apache.org/release/2.3.x/docs/s2-019.html
🔗 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

関連する脆弱性情報

CVE-2012-083810.0

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows re...

CVE-2020-175309.8

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software :...

CVE-2021-440779.8

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulner...

CVE-2019-02309.8

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remot...