CVE-2013-2115
high
CVSS v3
8.1
CVSS v2
9.3
VIR risk
8.1
Description
Code injection in Apache Struts
Predictions
Exploit likelihood
88%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — https://cwiki.apache.org/confluence/display/WW/S2-014
Vendor advisory: secalert@redhat.com — http://struts.apache.org/development/2.x/docs/s2-014.html
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.struts:struts2-core | >=2.0.0,<2.3.14.2 | 2.3.14.2 |
| Maven | org.apache.struts.xwork:xwork-core | >=2.0.0,<2.3.14.2 | 2.3.14.2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | struts | {"startIncluding":"2.0.0","endIncluding":"2.3.14.1"} | |
References
- http://struts.apache.org/development/2.x/docs/s2-014.html
- http://www.securityfocus.com/bid/60167
- https://bugzilla.redhat.com/show_bug.cgi?id=967656
- https://cwiki.apache.org/confluence/display/WW/S2-014
- https://nvd.nist.gov/vuln/detail/CVE-2013-2115
- https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650
- https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d
- https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6
- https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474
- https://cwiki.apache.org/confluence/display/WW/S2-013
- https://github.com/apache/struts
- https://issues.apache.org/jira/browse/WW-4063
- https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167
CWEs
CWE-94
Verify integrity in audit chain (admin only). AS-IS.