CVE-2013-2251 (GCVE-0-2013-2251)
Vulnerability from cvelistv5
Published
2013-07-18 01:00
Modified
2025-02-07 13:32
Severity ?
EPSS score ?
Summary
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
References
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2022-03-25
Due date: 2022-04-15
Required action: Apply updates per vendor instructions.
Used in ransomware: Unknown
Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-2251
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:27:41.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { name: "apache-archiva-ognl-command-exec(90392)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90392", }, { name: "20131013 Apache Software Foundation A Subsite Remote command execution", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2013/Oct/96", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://cxsecurity.com/issue/WLB-2014010087", }, { name: "20131023 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://struts.apache.org/release/2.3.x/docs/s2-016.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://archiva.apache.org/security.html", }, { name: "98445", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/98445", }, { name: "1032916", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032916", }, { name: "61189", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/61189", }, { name: "1029184", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1029184", }, { name: "64758", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/64758", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", }, { name: "[oss-security] 20140114 Re: CVE Request: Apache Archiva Remote Command Execution 0day", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q1/89", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2013-2251", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T13:24:31.949070Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-25", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2251", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-74", description: "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T13:32:51.389Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-07-16T00:00:00.000Z", descriptions: [ { lang: "en", value: "Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:06:20.000Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { name: "apache-archiva-ognl-command-exec(90392)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90392", }, { name: "20131013 Apache Software Foundation A Subsite Remote command execution", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2013/Oct/96", }, { tags: [ "x_refsource_MISC", ], url: "http://cxsecurity.com/issue/WLB-2014010087", }, { name: "20131023 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://struts.apache.org/release/2.3.x/docs/s2-016.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://archiva.apache.org/security.html", }, { name: "98445", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/98445", }, { name: "1032916", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032916", }, { name: "61189", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/61189", }, { name: "1029184", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1029184", }, { name: "64758", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/64758", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", }, { name: "[oss-security] 20140114 Re: CVE Request: Apache Archiva Remote Command Execution 0day", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q1/89", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-2251", datePublished: "2013-07-18T01:00:00.000Z", dateReserved: "2013-02-19T00:00:00.000Z", dateUpdated: "2025-02-07T13:32:51.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { cisa_known_exploited: { cveID: "CVE-2013-2251", cwes: "[\"CWE-20\"]", dateAdded: "2022-03-25", dueDate: "2022-04-15", knownRansomwareCampaignUse: "Unknown", notes: "https://nvd.nist.gov/vuln/detail/CVE-2013-2251", product: "Struts", requiredAction: "Apply updates per vendor instructions.", shortDescription: "Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.", vendorProject: "Apache", vulnerabilityName: "Apache Struts Improper Input Validation Vulnerability", }, fkie_nvd: { cisaActionDue: "2022-04-15", cisaExploitAdd: "2022-03-25", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Apache Struts Improper Input Validation Vulnerability", configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.3\", \"versionEndExcluding\": \"1.3.8\", \"matchCriteriaId\": \"3A10FB76-761D-4411-B6A8-B1AD5C133071\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0E0751C-E0BD-4C33-A541-C6FC67CE6663\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCCF9A1C-7091-4D72-8AFC-5373F45FF7D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndIncluding\": \"2.3.15\", \"matchCriteriaId\": \"61C63F76-5AFE-4D2F-B81C-D3476C165227\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D24308C-EEFB-477D-A88C-95E76CAC8AD7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3527F41-A6ED-437D-9833-458A2C60C2A3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32623D48-7000-4C7D-823F-7D2A9841D88C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0\", \"versionEndIncluding\": \"6.10\", \"matchCriteriaId\": \"8D0C7AB6-1B62-49E3-99F8-53DD9329264E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2825C5B3-6495-43FE-9D87-750C8B9B25EC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3527F41-A6ED-437D-9833-458A2C60C2A3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32623D48-7000-4C7D-823F-7D2A9841D88C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E8C192B-8044-4BF9-9F1F-57371FC0E8FD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0\", \"versionEndIncluding\": \"6.10\", \"matchCriteriaId\": \"8D0C7AB6-1B62-49E3-99F8-53DD9329264E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fujitsu:gp7000f_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"577FACF4-0FB9-461A-877C-32DA8DBBF2B8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fujitsu:gp7000f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D55A60A2-B9F8-49CF-AD55-033942363704\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fujitsu:primepower_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5392609-A095-40AA-8190-783B8CCFDB18\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fujitsu:primepower:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77300584-CABF-4332-8E1A-763048496818\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fujitsu:gp-s_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"931139C5-A9D3-4D63-AF15-B0C5DD0578D1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fujitsu:gp-s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"855CDB9B-5476-4765-A8E3-69C7D42E1DFC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fujitsu:primergy_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78239AD8-F1E1-49F2-A89F-F8488F21C014\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fujitsu:primergy:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D9091D4-FC2B-43DE-A8C5-87922034536F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fujitsu:gp5000_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"262CD533-5171-4AB0-9537-65FC5FBA195E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fujitsu:gp5000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C3BE416-DA1B-4168-BE30-DFE3CD84E4E2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fujitsu:sparc_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3177688-5BBE-4C19-8A5C-FCF76AE2B227\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fujitsu:sparc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E1A333-794C-44BE-9E2A-C6711169681E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"109A2A5D-D631-472F-AA80-2E1D707943F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51D5BAC9-E5B1-4A19-8B87-0CA2FA046D27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F0DBE55-667B-45EF-8C3A-9C7AA33ADDE6\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.\"}, {\"lang\": \"es\", \"value\": \"Apache Struts v2.0.0 hasta v2.3.15 permite a atacantes remotos ejecutar expresiones OGNL arbitrarias mediante un par\\u00e1metro con una (1)acci\\u00f3n:, (2) redirect:, o (3) redirectAction:\"}]", id: "CVE-2013-2251", lastModified: "2024-11-27T16:07:37.487", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2013-07-20T03:37:30.737", references: "[{\"url\": \"http://archiva.apache.org/security.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Product\"]}, {\"url\": \"http://cxsecurity.com/issue/WLB-2014010087\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://osvdb.org/98445\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2013/Oct/96\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/oss-sec/2014/q1/89\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://struts.apache.org/release/2.3.x/docs/s2-016.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/61189\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/64758\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029184\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1032916\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://archiva.apache.org/security.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"http://cxsecurity.com/issue/WLB-2014010087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://osvdb.org/98445\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2013/Oct/96\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/oss-sec/2014/q1/89\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://struts.apache.org/release/2.3.x/docs/s2-016.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/61189\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/64758\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1032916\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]", sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-74\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2013-2251\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-07-20T03:37:30.737\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.\"},{\"lang\":\"es\",\"value\":\"Apache Struts v2.0.0 hasta v2.3.15 permite a atacantes remotos ejecutar expresiones OGNL arbitrarias mediante un parámetro con una (1)acción:, (2) redirect:, o (3) redirectAction:\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-03-25\",\"cisaActionDue\":\"2022-04-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apache Struts Improper Input Validation Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.3\",\"versionEndExcluding\":\"1.3.8\",\"matchCriteriaId\":\"3A10FB76-761D-4411-B6A8-B1AD5C133071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0E0751C-E0BD-4C33-A541-C6FC67CE6663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCF9A1C-7091-4D72-8AFC-5373F45FF7D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.3.15\",\"matchCriteriaId\":\"61C63F76-5AFE-4D2F-B81C-D3476C165227\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D24308C-EEFB-477D-A88C-95E76CAC8AD7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3527F41-A6ED-437D-9833-458A2C60C2A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32623D48-7000-4C7D-823F-7D2A9841D88C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndIncluding\":\"6.10\",\"matchCriteriaId\":\"8D0C7AB6-1B62-49E3-99F8-53DD9329264E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2825C5B3-6495-43FE-9D87-750C8B9B25EC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3527F41-A6ED-437D-9833-458A2C60C2A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32623D48-7000-4C7D-823F-7D2A9841D88C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8C192B-8044-4BF9-9F1F-57371FC0E8FD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndIncluding\":\"6.10\",\"matchCriteriaId\":\"8D0C7AB6-1B62-49E3-99F8-53DD9329264E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:gp7000f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"577FACF4-0FB9-461A-877C-32DA8DBBF2B8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:gp7000f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D55A60A2-B9F8-49CF-AD55-033942363704\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:primepower_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5392609-A095-40AA-8190-783B8CCFDB18\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:primepower:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77300584-CABF-4332-8E1A-763048496818\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:gp-s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"931139C5-A9D3-4D63-AF15-B0C5DD0578D1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:gp-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"855CDB9B-5476-4765-A8E3-69C7D42E1DFC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:primergy_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78239AD8-F1E1-49F2-A89F-F8488F21C014\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:primergy:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D9091D4-FC2B-43DE-A8C5-87922034536F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:gp5000_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"262CD533-5171-4AB0-9537-65FC5FBA195E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:gp5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C3BE416-DA1B-4168-BE30-DFE3CD84E4E2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:sparc_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3177688-5BBE-4C19-8A5C-FCF76AE2B227\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:sparc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E1A333-794C-44BE-9E2A-C6711169681E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"109A2A5D-D631-472F-AA80-2E1D707943F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D5BAC9-E5B1-4A19-8B87-0CA2FA046D27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F0DBE55-667B-45EF-8C3A-9C7AA33ADDE6\"}]}]}],\"references\":[{\"url\":\"http://archiva.apache.org/security.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Product\"]},{\"url\":\"http://cxsecurity.com/issue/WLB-2014010087\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/98445\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2013/Oct/96\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/oss-sec/2014/q1/89\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://struts.apache.org/release/2.3.x/docs/s2-016.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/61189\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/64758\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029184\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1032916\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://archiva.apache.org/security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"http://cxsecurity.com/issue/WLB-2014010087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/98445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2013/Oct/96\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/oss-sec/2014/q1/89\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://struts.apache.org/release/2.3.x/docs/s2-016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/61189\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/64758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1032916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392\", \"name\": \"apache-archiva-ognl-command-exec(90392)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2013/Oct/96\", \"name\": \"20131013 Apache Software Foundation A Subsite Remote command execution\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\", \"x_transferred\"]}, {\"url\": \"http://cxsecurity.com/issue/WLB-2014010087\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2\", \"name\": \"20131023 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"http://struts.apache.org/release/2.3.x/docs/s2-016.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://archiva.apache.org/security.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://osvdb.org/98445\", \"name\": \"98445\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1032916\", \"name\": \"1032916\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/61189\", \"name\": \"61189\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1029184\", \"name\": \"1029184\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/64758\", \"name\": \"64758\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/oss-sec/2014/q1/89\", \"name\": \"[oss-security] 20140114 Re: CVE Request: Apache Archiva Remote Command Execution 0day\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T15:27:41.156Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2013-2251\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T13:24:31.949070Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2251\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-74\", \"description\": \"CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T13:25:24.255Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2013-07-16T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392\", \"name\": \"apache-archiva-ognl-command-exec(90392)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2013/Oct/96\", \"name\": \"20131013 Apache Software Foundation A Subsite Remote command execution\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\"]}, {\"url\": \"http://cxsecurity.com/issue/WLB-2014010087\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2\", \"name\": \"20131023 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"http://struts.apache.org/release/2.3.x/docs/s2-016.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://archiva.apache.org/security.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://osvdb.org/98445\", \"name\": \"98445\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\"]}, {\"url\": \"http://www.securitytracker.com/id/1032916\", \"name\": \"1032916\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.securityfocus.com/bid/61189\", \"name\": \"61189\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.securitytracker.com/id/1029184\", \"name\": \"1029184\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.securityfocus.com/bid/64758\", \"name\": \"64758\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://seclists.org/oss-sec/2014/q1/89\", \"name\": \"[oss-security] 20140114 Re: CVE Request: Apache Archiva Remote Command Execution 0day\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2020-10-20T21:06:20.000Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2013-2251\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-07T13:32:51.389Z\", \"dateReserved\": \"2013-02-19T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2013-07-18T01:00:00.000Z\", \"assignerShortName\": \"redhat\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.