CVE-2013-1965

Name of the Vulnerable Software and Affected Versions Apache Struts Showcase App versions 2.0.0 through 2.3.13 Struts 2 versions prior to 2.3.14.3

Description The issue is related to improper handling of code generation, allowing remote attackers to execute arbitrary OGNL code via a crafted parameter name when invoking a redirect. This can be exploited by a remote attacker using a specially crafted parameter name.

Recommendations For Apache Struts Showcase App versions 2.0.0 through 2.3.13, update to version 2.3.14.3 or later. For Struts 2 versions prior to 2.3.14.3, update to version 2.3.14.3 or later. As a temporary workaround, consider restricting access to the redirect functionality until a patch is available.