Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-2248Improper Input Validation in Apache Struts

CWE-20Improper Input Validation7 documents7 sources
Severity
5.8MEDIUMNVD
EPSS
92.0%
top 0.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Struts
Timeline
PublishedJul 20
Latest updateMay 17

Description

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDapache/struts44 versions+43

🔴Vulnerability Details

3
OSV
Open redirect in Apache Struts2022-05-17
GHSA
Open redirect in Apache Struts2022-05-17
CVEList
CVE-2013-2248: Multiple open redirect vulnerabilities in Apache Struts 22013-07-18

💥Exploits & PoCs

2
Exploit-DB
Apache Struts 2.2.3 - Multiple Open Redirections2013-07-16
Nuclei
Apache Struts - Multiple Open Redirection Vulnerabilities

💬Community

1
Bugzilla
CVE-2013-2248 Apache Struts 2 allows open redirects2013-07-19
CVE-2013-2248 — Improper Input Validation in Apache | cvebase