Metric | Value |
---|---|
CVSS2 score | 5.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
EPSS | 0.972 High |
EPSS percentile | 99.8% |

The Struts 2 DefaultActionMapper used to support a method for short-circuit navigation state changes by prefixing parameters with “redirect:” or “redirectAction:”, followed by a desired redirect target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. Attackers could use this to redirect to arbitrary web sites and conduct phishing attacks.
In Struts 2 before 2.3.15.1 the information following “redirect:” or “redirectAction:” can easily be manipulated to redirect to an arbitrary location.
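
The following Python script is an added example, not taken from the advisory or from Struts: it scans access-log lines for request parameters whose name starts with `redirect:` or `redirectAction:` and reports those whose target names a host outside an allow-list. The log lines, host names and `ALLOWED_HOSTS` are constructed assumptions, and because it reads only the logged query string, parameters sent in POST bodies need the same check at a proxy or WAF.

```python
import re
from urllib.parse import unquote, urlsplit

PREFIXES = ("redirect:", "redirectAction:")  # the two prefixes named in the advisory
ALLOWED_HOSTS = {"shop.example.com"}         # assumption: hosts the app may redirect to
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Aug/2013:10:01:02 +0000] "GET /shop/login.action?redirect:/cart.action HTTP/1.1" 302 0',
    '203.0.113.9 - - [12/Aug/2013:10:01:05 +0000] "GET /shop/login.action?redirect:http://phish.example.net/login HTTP/1.1" 302 0',
    '203.0.113.9 - - [12/Aug/2013:10:01:09 +0000] "GET /shop/login.action?redirectAction%3Ahttp%3A%2F%2Fphish.example.net%2F HTTP/1.1" 302 0',
    '198.51.100.4 - - [12/Aug/2013:10:02:11 +0000] "GET /shop/login.action?redirect:https://shop.example.com/home HTTP/1.1" 302 0',
    '198.51.100.4 - - [12/Aug/2013:10:02:30 +0000] "GET /shop/search.action?q=redirect:http://a.example/ HTTP/1.1" 200 512',
]

def prefixed_targets(url):
    """Return (prefix, target) for every query parameter whose name starts with a prefix."""
    hits = []
    for pair in re.split(r"[&;]", url.partition("?")[2]):
        decoded = unquote(pair)  # also catches percent-encoded forms such as redirect%3A...
        for prefix in PREFIXES:
            if decoded.startswith(prefix):
                hits.append((prefix, decoded[len(prefix):].rstrip("=")))
    return hits

def is_external(target):
    """True when the target names a host that is not in ALLOWED_HOSTS."""
    try:
        host = urlsplit(target.strip()).hostname
    except ValueError:  # malformed authority: report it rather than skip it
        return True
    return host is not None and host.lower() not in ALLOWED_HOSTS

def scan(lines):
    """Return (line_number, prefix, target) for each off-site redirect parameter."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for prefix, target in prefixed_targets(match.group(1)):
            if is_external(target):
                findings.append((number, prefix, target))
    return findings

if __name__ == "__main__":
    for number, prefix, target in scan(SAMPLE_LOG):
        print(f"line {number}: {prefix} -> {target}")
```

Relative targets, allow-listed hosts and ordinary parameters whose value merely contains `redirect:` are not reported.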

CPE

Name | Operator | Version |
---|---|---|
org.apache.struts:struts2-core | lt | 2.3.15.1 |

struts.apache.org/release/2.3.x/docs/s2-017.html
github.com/advisories/GHSA-rpj9-r897-wc6q
github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
issues.apache.org/jira/browse/WW-4140
nvd.nist.gov/vuln/detail/CVE-2013-2248