CVE-2013-1965

NUCLEI

Apache Struts < 2.3.14.1 - Code Injection

Title source: rule

Description

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

Exploits (1)

nomisec SCANNER 1 stars

by cinno · poc

https://github.com/cinno/CVE-2013-1965

View Code ZIP pw:eip

Nuclei Templates (1)

Apache Struts2 S2-012 RCE

CRITICALby pikpikcu

Shodan: http.html:"apache struts" || http.title:"struts2 showcase" || http.html:"struts problem report"

FOFA: body="struts problem report" || title="struts2 showcase" || body="apache struts"

References (3)

[Vendor Advisory] http://struts.apache.org/development/2.x/docs/s2-012.html

[Third Party Advisory] http://www.securityfocus.com/bid/60082

[Third Party Advisory, VDB Entry] https://bugzilla.redhat.com/show_bug.cgi?id=967655

Scores

EPSS 0.9179

EPSS Percentile 99.7%

Details

CWE

CWE-94

Status published

Products (3)

apache/struts 2.0.0 - 2.3.14.1

apache/struts2-showcase 2.0.0 - 2.3.13

org.apache.struts/struts2-core 0 - 2.3.14.3Maven

Published Jul 10, 2013

Tracked Since Feb 18, 2026