CVE-2013-2251

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

Severity	CRITICAL
CVSS	9.8
CWE	CWE-74
KEV	KEV (added 4 years ago)
Published	12 years ago
Modified	3 weeks ago

Related Products

Product	Advisory	Evidence
Cisco Unified SIP Proxy	cisco-sa-20131023-struts2	Cisco OpenVuln
Cisco Unified Contact Center Enterprise	cisco-sa-20131023-struts2	Cisco OpenVuln
Cisco Unified Contact Center	cisco-sa-20131023-struts2	Cisco OpenVuln
Cisco MXE 3500 (Media Experience Engine)	cisco-sa-20131023-struts2	Cisco OpenVuln
Cisco Identity Services Engine Software	cisco-sa-20131023-struts2	Cisco OpenVuln
Cisco Business Edition 3000 Software	cisco-sa-20131023-struts2	Cisco OpenVuln