CVE-2013-2248

Published: 20/07/2013 Updated: 31/12/2016
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 585
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 up to and including 2.3.15 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
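A defender-side check for the parameter pattern in the summary, as an added example that is not from the advisory or the Struts project: it scans access-log lines for query parameters that start with `redirect:` or `redirectAction:` and flags those whose target is an off-site URL. The log format, the sample lines and the host names (`shop.example`, `phish.example`) are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

PREFIXES = ("redirect:", "redirectAction:")  # the two prefixes named in the CVE summary
# Request line inside a combined-format access log entry (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; hosts use reserved example names.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jul/2013:10:00:01 +0000] "GET /shop/login.action?redirect:http://phish.example/login HTTP/1.1" 302 -',
    '203.0.113.7 - - [20/Jul/2013:10:00:02 +0000] "GET /shop/login.action?redirectAction%3Ahttp%3A%2F%2Fphish.example%2F HTTP/1.1" 302 -',
    '198.51.100.4 - - [20/Jul/2013:10:00:03 +0000] "GET /shop/cart.action?redirect:http://shop.example/cart.action HTTP/1.1" 302 -',
    '198.51.100.4 - - [20/Jul/2013:10:00:04 +0000] "GET /shop/view.action?id=7&note=redirect:later HTTP/1.1" 200 512',
]

def prefixed_targets(request_uri):
    """Yield (prefix, target) for each query parameter that starts with a redirect prefix."""
    query = urlsplit(request_uri).query
    for piece in query.split("&"):
        decoded = unquote_plus(piece)  # also catches percent-encoded forms such as redirect%3A
        for prefix in PREFIXES:
            if decoded.startswith(prefix):
                yield prefix, decoded[len(prefix):]

def is_offsite(target, own_hosts):
    """True when target is an absolute or scheme-relative URL to a host we do not serve."""
    try:
        host = urlsplit(target.strip()).hostname
    except ValueError:
        return True  # malformed authority: still worth a look during triage
    return host is not None and host.lower() not in own_hosts

def scan(lines, own_hosts):
    """Return (line_number, prefix, target) for each log line worth triage."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for prefix, target in prefixed_targets(match.group(1)):
            if is_offsite(target, own_hosts):
                hits.append((number, prefix, target))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, {"shop.example"}):
        print(hit)
```

Only parameters that begin with one of the two prefixes are reported, so the `note=redirect:later` value in the last sample line is ignored, and the same-site target in the third line is not flagged.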

Vulnerable Product

apache struts 2.3.1.1

apache struts 2.0.9

apache struts 2.0.12

apache struts 2.2.3.1

apache struts 2.1.0

apache struts 2.3.15

apache struts 2.0.0

apache struts 2.3.14

apache struts 2.0.8

apache struts 2.0.7

apache struts 2.0.4

apache struts 2.2.1

apache struts 2.1.8.1

apache struts 2.3.3

apache struts 2.3.4

apache struts 2.1.3

apache struts 2.1.2

apache struts 2.1.5

apache struts 2.0.1

apache struts 2.3.14.3

apache struts 2.0.2

apache struts 2.1.8

apache struts 2.3.4.1

apache struts 2.0.11.1

apache struts 2.3.8

apache struts 2.3.7

apache struts 2.0.3

apache struts 2.3.14.2

apache struts 2.0.14

apache struts 2.3.1

apache struts 2.0.11

apache struts 2.1.6

apache struts 2.0.5

apache struts 2.2.3

apache struts 2.3.12

apache struts 2.1.4

apache struts 2.2.1.1

apache struts 2.0.11.2

apache struts 2.0.13

apache struts 2.3.1.2

apache struts 2.1.1

apache struts 2.0.6

apache struts 2.0.10

apache struts 2.3.14.1

Vendor Advisories

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix ...

Exploits

source: www.securityfocus.com/bid/61196/info. Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can leverage these issues by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may ...
Struts2 suffers from an open redirection vulnerability. Versions 2.0.0 through 2.3.15 are affected ...
Struts2 suffers from an OGNL injection vulnerability that allows for redirection. Versions 2.0.0 through 2.3.15 are affected ...