VDB

GSD-2013-2251

GSD-2013-2251 PUBLISHED CVSS 9.800000190734863 CRITICAL

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
n/an/an/a

Timeline

  • Jul 18, 2013 CVE Published
  • Jul 27, 2013 PoC Published
  • Jan 14, 2014 PoC Published
  • Aug 20, 2015 PoC Published
  • May 29, 2018 PoC Published
  • Oct 15, 2020 PoC Published
  • Oct 16, 2020 PoC Published
  • Jun 14, 2023 PoC Published
  • Dec 24, 2024 PoC Published
  • Feb 6, 2025 PoC Published
  • Feb 23, 2025 PoC Published
  • Feb 23, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›