CVE-2013-2248

Published: 20/07/2013 Updated: 31/12/2016
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 up to and including 2.3.15 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

Vulnerable Products

apache struts 2.0.11.2

apache struts 2.0.11.1

apache struts 2.3.14.3

apache struts 2.1.4

apache struts 2.2.1

apache struts 2.1.1

apache struts 2.1.0

apache struts 2.3.1.1

apache struts 2.0.0

apache struts 2.3.8

apache struts 2.0.11

apache struts 2.0.9

apache struts 2.0.12

apache struts 2.2.3.1

apache struts 2.3.15

apache struts 2.3.14

apache struts 2.0.7

apache struts 2.0.4

apache struts 2.1.8.1

apache struts 2.3.3

apache struts 2.3.4

apache struts 2.1.3

apache struts 2.1.2

apache struts 2.1.5

apache struts 2.0.1

apache struts 2.1.8

apache struts 2.3.4.1

apache struts 2.3.7

apache struts 2.3.1

apache struts 2.1.6

apache struts 2.0.5

apache struts 2.3.12

apache struts 2.3.1.2

apache struts 2.0.6

apache struts 2.0.10

apache struts 2.3.14.1

apache struts 2.0.8

apache struts 2.0.2

apache struts 2.0.3

apache struts 2.3.14.2

apache struts 2.0.14

apache struts 2.2.3

apache struts 2.2.1.1

apache struts 2.0.13

Vendor Advisories

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix ...

Exploits

source: www.securityfocus.com/bid/61196/info. Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can leverage these issues by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may ...

Mailing Lists

Struts2 suffers from an open redirection vulnerability. Versions 2.0.0 through 2.3.15 are affected ...
Struts2 suffers from an OGNL injection vulnerability that allows for redirection. Versions 2.0.0 through 2.3.15 are affected ...