Improper input validation in Apache Struts

CVE-2013-2248

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectActio…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.920 (99.7th percentile)

Affected products

  • Apache Struts — versions 2.0.0, 2.0.1, 2.0.2

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2013-2248?
CVE-2013-2248 is a vulnerability in Apache Struts, classified under Improper Input Validation. Published 2013-07-20.
Is CVE-2013-2248 known to be exploited?
5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.