CVE-2013-4310

Severity
5.8 MEDIUM
EPSS
8.7%
top 7.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 30
Latest update: May 17

Description

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages: 2 packages

NVD: apache/struts, 45 versions +44

Patches

🔴 Vulnerability Details

3
GHSA
Apache Struts2 Broken Access Control Vulnerability (2022-05-17)
OSV
Apache Struts2 Broken Access Control Vulnerability (2022-05-17)
CVEList
CVE-2013-4310: Apache Struts 2 (2013-09-30)

📋 Vendor Advisories

1
Red Hat
struts: broken access control vulnerability (2013-09-21)

💬 Community

1
Bugzilla
CVE-2013-4310 struts: broken access control vulnerability (2013-09-27)
CVE-2013-4310 (MEDIUM CVSS 5.8) | Apache Struts 2.0.0 through 2.3.15. | cvebase.io