Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.

References

struts.apache.org/development/2.x/docs/s2-013.html

www.securityfocus.com/bid/60166

bugzilla.redhat.com/show_bug.cgi?id=967656

cwiki.apache.org/confluence/display/WW/S2-013

dsquare 1

cve 2

ubuntucve 1

osv 1

nvd 2

nessus 3

seebug 2

prion 2

github 1

checkpoint_advisories 1

zdt 1

packetstorm 1

openvas 3

cvelist 1

f5 1

huawei 1

ibm 9

wallarmlab 1

kitploit 1

dsquare

Apache-Struts IncludeParams < 2.3.14.1 RCE Linux

2013-05-22 00:00:00

cve

CVE-2013-1966

2013-07-10 19:55:04

CVE-2013-2115

2022-10-03 16:15:02

ubuntucve

CVE-2013-1966

2013-07-10 00:00:00

osv

Arbitrary code execution in Apache Struts

2022-05-14 00:54:15

nvd

CVE-2013-1966

2013-07-10 19:55:04

CVE-2013-2115

2013-07-10 19:55:04

nessus

Apache Struts 2.x < 2.3.14.2 Remote Code Execution Vulnerability (S2-013)

2018-09-11 00:00:00

Apache Struts 2.x < 2.3.14.2 Multiple Vulnerabilities (S2-014)

2018-09-10 00:00:00

Apache Struts 2 Crafted Parameter Arbitrary OGNL Expression Remote Command Execution

2013-06-19 00:00:00

seebug

Apache Struts2 includeParams属性远程命令执行漏洞(CVE-2013-1966)

2013-05-24 00:00:00

Apache Struts 'includeParams' 不完整修复安全绕过漏洞(CVE-2013-2115)

2013-05-30 00:00:00

prion

Code injection

2013-07-10 19:55:00

Code injection

2013-07-10 19:55:00

github

Arbitrary code execution in Apache Struts

2022-05-14 00:54:15

checkpoint_advisories

Apache Struts URL and Anchor tag includeParams OGNL Command Execution (CVE-2013-1966; CVE-2013-2115)

2013-06-04 00:00:00

zdt

Apache Struts includeParams Remote Code Execution

2013-06-03 00:00:00

packetstorm

Apache Struts includeParams Remote Code Execution

2013-06-02 00:00:00

openvas

Apache Struts Security Update (S2-013, S2-014) - Active Check

2013-07-23 00:00:00

Apache Struts Security Update (S2-013, S2-014) - Version Check

2021-09-14 00:00:00

Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities

2013-07-23 00:00:00

cvelist

CVE-2013-2115

2022-10-03 16:15:02

K10506844 : Apache Struts 2 vulnerabilities CVE-2013-1966, CVE-2013-2115, CVE-2013-2134, and CVE-2013-2135

2017-02-08 00:00:00

huawei

Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products

2013-07-30 00:00:00

ibm

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)

2022-09-26 22:21:32

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)

2023-03-29 01:48:02

Security Bulletin: IBM Platform Symphony (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310)

2018-06-18 01:24:24

wallarmlab

New Struts2 Remote Code Execution exploit caught in the wild

2017-03-09 00:15:54

kitploit

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.1 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.4%

JSON

Related for CVELIST:CVE-2013-1966