Vulnerability Details : CVE-2013-2251
Public exploit exists!
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Products affected by CVE-2013-2251
- cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:archiva:1.2:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:gp7000f_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:primepower_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.0:*:*:*:*:*:*:*When used together with: Redhat » Enterprise Linux
- cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.1:*:*:*:*:*:*:*When used together with: Redhat » Enterprise Linux
- cpe:2.3:o:fujitsu:gp-s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:primergy_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:gp5000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:sparc_firmware:-:*:*:*:*:*:*:*
CVE-2013-2251 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Apache Struts Improper Input Validation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2013-2251
Added on
2022-03-25
Action due date
2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2013-2251
94.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-2251
-
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
Disclosure Date: 2013-07-02First seen: 2020-04-26exploit/multi/http/struts_default_action_mapperThe Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navig
CVSS scores for CVE-2013-2251
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-07 |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-07-16 |
CWE ids for CVE-2013-2251
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2013-2251
-
http://www.securitytracker.com/id/1029184
MySQL Multiple Bugs Let Remote Authenticated Users Execute Arbitrary Code, Deny Service, and Partially Access and Modify Data - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
http://seclists.org/oss-sec/2014/q1/89
oss-sec: Re: CVE Request: Apache Archiva Remote Command Execution 0dayMailing List;Third Party Advisory
-
http://archiva.apache.org/security.html
Archiva – Security VulnerabilitiesProduct
-
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Oracle Critical Patch Update - January 2014Patch;Third Party Advisory
-
http://osvdb.org/98445
Broken Link
-
http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html
Apache Struts 2 Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/64758
RETIRED: Oracle January 2014 Critical Patch Update Multiple VulnerabilitiesBroken Link;Third Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90392
Apache Archiva OGNL command execution undefined Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1032916
Oracle Siebel Enterprise Flaws Let Remote Users Partially Access and Modify Data and Gain Elevated Privileges - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
http://struts.apache.org/release/2.3.x/docs/s2-016.html
S2-016 - DEPRECATED: Apache Struts 2 Documentation - Apache Software FoundationPatch
-
http://cxsecurity.com/issue/WLB-2014010087
Apache Archiva 1.3.6 => Remote Command Execution 0day - CXSecurity.comExploit;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Oracle Critical Patch Update - July 2015Patch;Third Party Advisory
-
http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
This page provides Security Information. - Fujitsu GlobalThird Party Advisory
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco ProductsThird Party Advisory
-
http://www.securityfocus.com/bid/61189
Apache Struts CVE-2013-2251 Multiple Remote Command Execution VulnerabilitiesBroken Link;Third Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2013/Oct/96
Full Disclosure: Apache Software Foundation A Subsite Remote command executionExploit;Mailing List;Third Party Advisory
Jump to