Vulnerability Description
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Struts | >= 2.0.0, < 2.3.14.1 |
| Apache | Struts2-Showcase | >= 2.0.0, <= 2.3.13 |
Related Weaknesses (CWE)
References
- http://struts.apache.org/development/2.x/docs/s2-012.html (Vendor Advisory)
- http://www.securityfocus.com/bid/60082 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=967655 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2013-1965?
CVE-2013-1965 is a vulnerability with a CVSS score of 9.3 (HIGH). Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled w...
How severe is CVE-2013-1965?
CVE-2013-1965 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1965?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Struts, Apache Struts2-Showcase.