CVE-2013-2251
Published: 20 July 2013
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Notes
Author | Note |
---|---|
seth-arnold | Only affected Struts 2. The bulk of the patch appears to be in http://svn.apache.org/viewvc?view=revision&revision=1502979. I've reviewed libstruts1.2-java code and could not find analogous code in our codebase. |
Priority
Status
Package | Release | Status |
---|---|---|
libstruts1.2-java (Launchpad, Ubuntu, Debian) | lucid | Not vulnerable |
libstruts1.2-java | precise | Not vulnerable |
libstruts1.2-java | quantal | Not vulnerable |
libstruts1.2-java | raring | Not vulnerable |
libstruts1.2-java | upstream | Not vulnerable |