CVE-2013-2251

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 2.3.15

Description The issue is related to the improper sanitization of input data in the DefaultActionMapper mechanism of Apache Struts. This allows a remote attacker to execute arbitrary OGNL expressions by crafting parameters with specific prefixes, such as action:, redirect:, or redirectAction:. The vulnerability can be exploited to execute server-side code.

Recommendations For Apache Struts versions 2.0.0 through 2.3.15, update to a version later than 2.3.15.1 to resolve the issue. As a temporary workaround, consider restricting the use of parameters with the action:, redirect:, and redirectAction: prefixes to minimize the risk of exploitation.