Published: 16/07/2013 Updated: 23/11/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Apache Struts 2 prior to 2.3.14.3 allows remote malicious users to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache struts

source: wwwsecurityfocuscom/bid/60345/info Apache Struts is prone to a remote OGNL expression injection vulnerability Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application Apache Struts 200 through versions 23143 are vulnerable www ...

CWE-94 http://struts.apache.org/development/2.x/docs/s2-015.html https://cwiki.apache.org/confluence/display/WW/S2-015 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/64758 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/60346 http://security.gentoo.org/glsa/glsa-201409-04.xml https://nvd.nist.gov https://www.exploit-db.com/exploits/38549/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-2134

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect