VYPR
Critical severity9.8CISA KEVNVD Advisory· Published Jul 20, 2013· Updated Jun 16, 2026

CVE-2013-2251

CVE-2013-2251

Description

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.struts:struts2-coreMaven
< 2.3.15.12.3.15.1

Affected products

10
  • Apache/Archiva3 versions
    cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*range: >=1.3,<1.3.8
    • cpe:2.3:a:apache:archiva:1.2:-:*:*:*:*:*:*
    • cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
    Range: >=2.0.0,<=2.3.15
  • cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:fujitsu:interstage_business_process_manager_analytics:12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:siebel_apps_-_e-billing:6.2:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 2.3.15.1

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.