CVE-2013-5767
PUBLISHED
CVSS 9.8 CRITICAL
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
EPSS 0.40% · 61.1th percentile
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.40%
61.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Exploit Intelligence
- Vulnerable environment of CVE-2013-2251 (S2-016) for testing (github-poc)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251 (circl)
- 98445 (circl)
- [oss-security] 20140114 Re: CVE Request: Apache Archiva Remote Command Execution 0day (circl)
- http://archiva.apache.org/security.html (circl)
- http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html (circl)
- 1032916 (circl)
…and 25 more exploits
Timeline
- Jul 27, 2013 PoC Published
- Oct 16, 2013 CVE Published
- Jan 14, 2014 PoC Published
- Aug 20, 2015 PoC Published
- May 29, 2018 PoC Published
- Oct 15, 2020 PoC Published
- Oct 16, 2020 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
References
- http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html advisory
- http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html url
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html url
- apache-archiva-ognl-command-exec(90392) vdb
- 20131013 Apache Software Foundation A Subsite Remote command execution mailing-list
- http://cxsecurity.com/issue/WLB-2014010087 url
- 20131023 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products vendor-advisory
- http://struts.apache.org/release/2.3.x/docs/s2-016.html url
- http://archiva.apache.org/security.html url
- 98445 vdb
- 1032916 vdb
- 61189 vdb
- 1029184 vdb
- 64758 vdb
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html url
- [oss-security] 20140114 Re: CVE Request: Apache Archiva Remote Command Execution 0day mailing-list
- http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251 url