CVE-2013-2135

Name of the Vulnerable Software and Affected Versions Apache Struts versions prior to 2.3.14.3

Description The issue is related to the implementation of the OGNL (Object-Graph Navigation Language) expression language class in the Apache Struts platform, which is associated with incorrect code generation management. This allows a remote attacker to execute arbitrary code by sending a specially crafted request that contains both "${}" and "%{}" sequences, causing the OGNL code to be evaluated twice.

Recommendations For Apache Struts versions prior to 2.3.14.3, update to version 2.3.14.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the OGNL expression language class to minimize the risk of exploitation. Avoid using the ${} and %{} sequences in requests until the issue is resolved.