VDB
CVE-2013-4310
CVE-2013-4310
PUBLISHED
CVSS 5.800000190734863 MEDIUM
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.
EPSS 8.73% · 92.6th percentile
Risk Scores
CVSS 2.0
5.800000190734863
EPSS Score
8.73%
92.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apache | struts | 2.1.3, 2.0.0, 2.0.1 |
| Maven | org.apache.struts:struts2-core | 0 |
| n/a | n/a | * |
Exploit Intelligence
- 20131017 [ANN] Struts 2.3.15.3 GA release available - security fix (circl)
- 1029077 (circl)
- 54919 (circl)
- 20130921 [ANN] Struts 2.3.15.2 GA release available - security fix (circl)
- http://struts.apache.org/release/2.3.x/docs/s2-018.html (circl)
- 56483 (circl)
- 64758 (circl)
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html (circl)
- 56492 (circl)
Timeline
- Sep 30, 2013 CVE Published
- May 5, 2014 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- 20131017 [ANN] Struts 2.3.15.3 GA release available - security fix mailing-list
- 1029077 vdb
- 54919 third-party-advisory
- 20130921 [ANN] Struts 2.3.15.2 GA release available - security fix mailing-list
- http://struts.apache.org/release/2.3.x/docs/s2-018.html url
- 56483 third-party-advisory
- 64758 vdb
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html url
- 56492 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2013-4310 advisory
- https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc url
- https://github.com/apache/struts package
- http://struts.apache.org/release/2.3.x/docs/s2-019.html advisory