Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2013-2248

Published: 20/07/2013 Updated: 31/12/2016
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 585
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Struts

Vulnerability Summary

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 up to and including 2.3.15 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

Vulnerable Product Search on Vulmon Subscribe to Product

apache struts 2.0.11.2

apache struts 2.0.11.1

apache struts 2.3.14.3

apache struts 2.1.4

apache struts 2.2.1

apache struts 2.1.1

apache struts 2.1.0

apache struts 2.3.1.1

apache struts 2.0.0

apache struts 2.3.8

apache struts 2.0.11

apache struts 2.0.9

apache struts 2.0.6

apache struts 2.1.5

apache struts 2.0.12

apache struts 2.1.6

apache struts 2.0.4

apache struts 2.0.7

apache struts 2.0.10

apache struts 2.0.5

apache struts 2.3.4.1

apache struts 2.3.7

apache struts 2.3.1.2

apache struts 2.2.3.1

apache struts 2.3.15

apache struts 2.3.14.1

apache struts 2.1.3

apache struts 2.1.2

apache struts 2.1.8

apache struts 2.1.8.1

apache struts 2.3.1

apache struts 2.0.1

apache struts 2.3.14

apache struts 2.3.12

apache struts 2.3.4

apache struts 2.3.3

apache struts 2.0.8

apache struts 2.3.14.2

apache struts 2.0.14

apache struts 2.0.13

apache struts 2.2.1.1

apache struts 2.2.3

apache struts 2.0.3

apache struts 2.0.2

Vendor Advisories

Red Hat: CVE-2013-2248
Multiple open redirect vulnerabilities in Apache Struts 200 through 2315 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix ...

Exploits

Exploit DB: Apache Struts 2.2.3 - Multiple Open Redirections
source: wwwsecurityfocuscom/bid/61196/info Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input An attacker can leverage these issues by constructing a crafted URI and enticing a user to follow it When an unsuspecting victim follows the link, they may ...
Exploit DB: Struts2 2.3.15 Open Redirect
Struts2 suffers from an open redirection vulnerability Versions 200 through 2315 are affected ...
Exploit DB: Struts2 2.3.15 OGNL Injection
Struts2 suffers from an OGNL injection vulnerability that allows for redirection Versions 200 through 2315 are affected ...

References

CWE-20http://struts.apache.org/release/2.3.x/docs/s2-017.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlhttp://www.securityfocus.com/bid/64758http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.htmlhttp://www.securityfocus.com/bid/61196https://nvd.nist.govhttps://www.exploit-db.com/exploits/38666/https://access.redhat.com/security/cve/cve-2013-2248
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook