Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2013-2248

Good to know:

icon
icon

Date: July 17, 2013

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

Language: Java

Severity Score

Related Resources (12)

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://github.com/apache/struts
http://www.securityfocus.com/bid/64758
http://www.securityfocus.com/bid/61196
http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
https://nvd.nist.gov/vuln/detail/CVE-2013-2248
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
https://issues.apache.org/jira/browse/WW-4140
https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
http://struts.apache.org/release/2.3.x/docs/s2-017.html
https://www.mend.io/vulnerability-database/CVE-2013-2248

Severity Score

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

icon

Upgrade Version

Upgrade to version 2.3.15.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us