Arbitrary OGNL Expression Execution in Apache Struts 2.0.0 - 2.3.15

CVE-2013-2251 · HIGH Severity

AV:N/AC:M/Au:N/C:C/I:C/A:C

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
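A detection sketch for the three prefixes named above, added here as an example and not taken from the advisory or from the Struts project. It assumes Common Log Format access logs; the sample lines are constructed, `PLACEHOLDER_EXPRESSION` stands in for any expression, and the case-insensitive match and double URL-decoding are choices made here to widen coverage.

```python
import re
from urllib.parse import unquote_plus

# Parameter prefixes listed in the CVE-2013-2251 description, lower-cased.
PREFIXES = ("action:", "redirect:", "redirectaction:")

# Assumed layout: the quoted request field of Common/Combined Log Format.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

def flagged_prefixes(uri):
    """Return the flagged prefixes that start any query parameter in `uri`."""
    query = uri.partition("?")[2]
    hits = []
    for pair in re.split(r"[&;]", query):
        # Decode twice so both %3A and %253A encodings of ':' are normalised.
        name = unquote_plus(unquote_plus(pair)).strip().lower()
        # The prefix is part of the parameter name, so "redirect=/home"
        # (an ordinary parameter called "redirect") is not a match.
        hits += [p for p in PREFIXES if name.startswith(p)]
    return hits

def scan(lines):
    """Return (line number, HTTP method, prefix) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            for prefix in flagged_prefixes(match.group("uri")):
                findings.append((number, match.group("method"), prefix))
    return findings

# Constructed sample log lines (documentation IP range, placeholder payloads).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2013:10:00:01 +0000] "GET /shop/index.action?redirect=/home HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Aug/2013:10:00:05 +0000] "GET /shop/index.action?redirect:PLACEHOLDER_EXPRESSION HTTP/1.1" 302 0',
    '192.0.2.44 - - [01/Aug/2013:10:00:06 +0000] "GET /shop/index.action?id=7&redirectAction%3APLACEHOLDER_EXPRESSION HTTP/1.1" 302 0',
    '192.0.2.44 - - [01/Aug/2013:10:00:07 +0000] "POST /shop/save.action?ACTION%253APLACEHOLDER_EXPRESSION HTTP/1.1" 200 90',
    '192.0.2.10 - - [01/Aug/2013:10:00:09 +0000] "GET /shop/list.action?action=save&page=2 HTTP/1.1" 200 734',
]

if __name__ == "__main__":
    for number, method, prefix in scan(SAMPLE_LOG):
        print(f"line {number}: {method} request carries a '{prefix}' parameter prefix")
```

Access logs record only the request line, so the same parameters sent in a POST body need the equivalent check at a proxy or WAF that sees the body.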
