
Apache Struts2 S2-012 RCE CVE-2013-1965

Severity
CVSSv3 Score: 9.3
Vulnerability description

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

Risk description

A remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Developers should immediately upgrade to Struts 2.3.14.3 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Jul 10, 2013
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available