Critical severity 9.8 · CISA KEV · NVD Advisory · Published Jul 20, 2013 · Updated Jun 16, 2026
CVE-2013-2251
Description
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.struts:struts2-core (Maven) | < 2.3.15.1 | 2.3.15.1 |
Affected products (10)
- cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.2:*:*:*:*:*:*:*
References (22)
- struts.apache.org/release/2.3.x/docs/s2-016.html (nvd; Patch; WEB)
- www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html (nvd; Patch; Third Party Advisory; WEB)
- www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (nvd; Patch; Third Party Advisory; WEB)
- cxsecurity.com/issue/WLB-2014010087 (nvd; Exploit; Third Party Advisory; WEB)
- packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html (nvd; Exploit; Third Party Advisory; VDB Entry; WEB)
- seclists.org/fulldisclosure/2013/Oct/96 (nvd; Exploit; Mailing List; Third Party Advisory; WEB)
- seclists.org/oss-sec/2014/q1/89 (nvd; Mailing List; Third Party Advisory; WEB)
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 (nvd; Third Party Advisory; WEB)
- www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html (nvd; Broken Link; Third Party Advisory; WEB)
- www.securityfocus.com/bid/61189 (nvd; Broken Link; Third Party Advisory; VDB Entry)
- www.securityfocus.com/bid/64758 (nvd; Broken Link; Third Party Advisory; VDB Entry)
- www.securitytracker.com/id/1029184 (nvd; Broken Link; Third Party Advisory; VDB Entry)
- www.securitytracker.com/id/1032916 (nvd; Broken Link; Third Party Advisory; VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/90392 (nvd; Third Party Advisory; VDB Entry; WEB)
- github.com/advisories/GHSA-47qp-8v9g-39hp (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-2251 (ghsa; ADVISORY)
- archiva.apache.org/security.html (nvd; Product; WEB)
- osvdb.org/98445 (nvd; Broken Link)
- github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6 (ghsa; WEB)
- github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e (ghsa; WEB)
- issues.apache.org/jira/browse/WW-4140 (ghsa; WEB)
- www.cisa.gov/known-exploited-vulnerabilities-catalog (nvd; US Government Resource; WEB)