CVE-2013-1965

Published: 10/07/2013 Updated: 12/08/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Apache Struts Showcase App 2.0.0 up to and including 2.3.13, as used in Struts 2 prior to 2.3.14.3, allows remote malicious users to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

Vulnerable Product

apache struts

apache struts2-showcase

Vendor Advisories

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect ...

Github Repositories

A proof of concept exploit for the CVE-2013-1965 vulnerability affecting Apache Struts 2

What this is: generate_esgfconfsh is a script file from the esgf_scanner repo which is used to generate, as output, a configuration file for use with the CVEChecker tool. The idea is to be able to auto-generate a manifest for each release, and use that as an input to scan for known vulnerabilities. When a reported vulnerability is studied and deemed to be addressed, it can then be

What is CVEChecker? CVEChecker is a tool that aggregates CVE information from Redhat and the NVD vulnerability data feeds, to set up a local vulnerability store that can be queried offline. Vulnerabilities can be looked up on the basis of user-specified parameters such as a product name, keywords in the vulnerability description, or the CVEid itself. Filters such as --aft

https://51pwn.com, Awesome Penetration Testing, hacker tools collection, metasploit exploit, meterpreter....struts2, weblogic, 0day, poc, apt, backdoor, VulApps, vuln, pentest-script

Twitter: @Hktalent3135773

penetration tools dependencies

Command: Description
kali linux: recommend system
node js: program runtime
javac, java: auto generate payload
metasploit: auto generate payload, and autoexploit
gcc: auto generate payload
tmux: auto background send payload, shell
Bash: base64, tr, nc, auto generate payload
python: auto genera