What is CVE-2013-2115?

CVE-2013-2115 is a high-severity vulnerability in Apache Struts, classified under Code Injection. CVSS score: 8.1/10. Published 2013-07-10.

How severe is CVE-2013-2115?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2013-2115 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Apache Struts

CVE-2013-2115

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an inc…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.876 (99.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Apache Struts
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

60167 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_MISC, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2013-2115?: CVE-2013-2115 is a high-severity vulnerability in Apache Struts, classified under Code Injection. CVSS score: 8.1/10. Published 2013-07-10.
How severe is CVE-2013-2115?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2013-2115 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.