CVE-2013-2251
critical-risk
Published 2013-07-20
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Do I need to act?
94.3% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 · Critical
NETWORK / LOW complexity
Affected Products (15)
References (33)
Broken Link
http://osvdb.org/98445
Mailing List
http://seclists.org/oss-sec/2014/q1/89
Third Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
Third Party Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-bp...
Broken Link
http://www.securityfocus.com/bid/61189
Broken Link
http://www.securityfocus.com/bid/64758
Broken Link
http://www.securitytracker.com/id/1029184
Broken Link
http://www.securitytracker.com/id/1032916
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90392
and 13 more references
84 / 100 · critical-risk
Severity
32/34 · Critical
Exploitability
34/34 · Critical
Exposure
18/34 · Moderate