Description

A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks. A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into the stack, afterward used as request parameter of an URL or A tag , which will cause a further evaluation.

The issue was originally addressed by Struts 2.3.14.1 and Security Announcement S2-013. However, the solution introduced with 2.3.14.1 did not address all possible attack vectors, such that every version of Struts 2 before 2.3.14.2 is still vulnerable to such attacks.

Remediation

It is strongly recommended to upgrade to Struts 2.3.14.2, which contains the corrected OGNL and XWork library.

References

S2-014

Related Vulnerabilities

GibbonEdu Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-45880)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3946)

WordPress CVE-2011-4899 Vulnerability (CVE-2011-4899)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-0701)

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-19138)

Severity

High

Classification

CVE-2013-1966 CVE-2013-2115 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities