VDB

JVNDB-2013-003469

JVNDB-2013-003469 PUBLISHED CVSS 9.300000190734863 CRITICAL

Apache Struts contains a remote command execution vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability. This issue is the same issue that the developer published as S2-016 on July 16, 2013 Note that attacks leveraging this vulnerability have been confirmed. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Risk Scores

CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
n/an/an/a

Timeline

  • Jul 18, 2013 CVE Published
  • Jul 27, 2013 PoC Published
  • Jan 14, 2014 PoC Published
  • Aug 20, 2015 PoC Published
  • May 29, 2018 PoC Published
  • Oct 15, 2020 PoC Published
  • Oct 16, 2020 PoC Published
  • Jun 14, 2023 PoC Published
  • Dec 24, 2024 PoC Published
  • Feb 6, 2025 PoC Published
  • Feb 23, 2025 PoC Published
  • Feb 23, 2025 PoC Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›