CVSS: 10.0EPSS: 0%CPEs: 56EXPL: 0CVE-2013-4316
https://notcve.org/view.php?id=CVE-2013-4316
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Apache Struts 2.0.0 hasta la versión 2.3.15.1 habilita por defecto Dynamic Method Invocation, lo cual tiene un impacto y vectores de ataque desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html http://struts.apache.org/release/2.3.x/docs/s2-019.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securitytracker.com/id/1029078 • CWE-16: Configuration CWE-284: Improper Access Control •
CVSS: 5.8EPSS: 1%CPEs: 45EXPL: 0CVE-2013-4310
https://notcve.org/view.php?id=CVE-2013-4310
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. Apache Struts v2.0.0 hasta v2.3.15.1 permite a atacantes remotos evitar los controles de acceso a través de una acción manipulada: prefix. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2013-10/0083.html http://secunia.com/advisories/54919 http://secunia.com/advisories/56483 http://secunia.com/advisories/56492 http://struts.apache.org/release/2.3.x/docs/s2-018.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securitytracker.com/id/1029077 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 96%CPEs: 44EXPL: 1CVE-2013-2248 – Apache Struts 2.2.3 - Multiple Open Redirections
https://notcve.org/view.php?id=CVE-2013-2248
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix. Múltiples vulnerabilidades de redirección en Apache Struts v2.0.0 hasta v2.3.15 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing mediante una URL en un parámetro usando (1) redirect: o (2) redirectAction: Struts2 suffers from an open redirection vulnerability. Versions 2.0.0 through 2.3.15 are affected. • https://www.exploit-db.com/exploits/38666 http://struts.apache.org/release/2.3.x/docs/s2-017.html http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/61196 http://www.securityfocus.com/bid/64758 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 97%CPEs: 44EXPL: 3CVE-2013-2251 – Apache Struts Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2013-2251
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. Apache Struts v2.0.0 hasta v2.3.15 permite a atacantes remotos ejecutar expresiones OGNL arbitrarias mediante un parámetro con una (1)acción:, (2) redirect:, o (3) redirectAction: Struts2 suffers from an OGNL injection vulnerability that allows for redirection. Versions 2.0.0 through 2.3.15 are affected. Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. • https://www.exploit-db.com/exploits/27135 https://www.exploit-db.com/exploits/44583 https://github.com/nth347/CVE-2013-2251 http://archiva.apache.org/security.html http://cxsecurity.com/issue/WLB-2014010087 http://osvdb.org/98445 http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2013/Oct/96 http://seclists.org/oss-sec/2014/q1/89 http://struts.apache.org/release/2.3.x/docs/s2-016.html http:&#x • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 94%CPEs: 1EXPL: 0CVE-2013-2135
https://notcve.org/view.php?id=CVE-2013-2135
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice. Apache Struts 2 anterior a v2.3.14.3 permite a atacantes remotos ejecutar código OGNL arbitrario mediante una solicitud con un valor especialmente diseñado que contiene las secuencias "${}" y "%{}", lo que produce que el código OGNL sea evaluado dos veces. • http://struts.apache.org/development/2.x/docs/s2-015.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/64758 https://cwiki.apache.org/confluence/display/WW/S2-015 • CWE-94: Improper Control of Generation of Code ('Code Injection') •