CVE-2013-2251

Description

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

Risk Information

Base Score: 9.8 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 94.328

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2013-2248, CVE-2013-2251 are fixed in Apache-struts2-core 2.3.15.1 | Windows
Vulnerabilities CVE-2013-2248, CVE-2013-2251 are fixed in Apache-struts2-core for Linux 2.3.15.1 | Linux
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products For Cisco Unified Contact Center Enterprise | NCM
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products For Cisco Unified SIP Proxy | NCM
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products For Cisco Identity Services Engine | NCM
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products For Cisco Unified Communications Manager (CallManager) | NCM
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products For Cisco MXE 3000 Series (Media Experience Engines) | NCM
Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability (CVE-2013-2251) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-1705943 | Security Update for Cisco Unified Contact Center Enterprise 11.6(1)SR0(0)
PATCH-1705497 | Security Update for Cisco Unified SIP Proxy 8.5(5)
PATCH-1706002 | Security Update for Cisco Identity Services Engine 2.0(0.905)
PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25)
PATCH-1705957 | Security Update for Cisco MXE 3000 Series (Media Experience Engines) 3.5.2

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234