CVE-2013-1965

NUCLEI

Apache Struts 2.0.0-2.3.13 and Struts2-Showcase 2.0.0-2.3.13 - Remote Code Execution via OGNL Parameter Name Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1965. PoCs published by cinno. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Perl-based scanner for CVE-2013-1965, a vulnerability in Apache Struts 2. The script can scan multiple IPs, ports, and paths to detect vulnerable Struts 2 instances and potentially execute commands.

Description

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

Exploits (1)

nomisec SCANNER 1 stars

by cinno · poc

https://github.com/cinno/CVE-2013-1965

View Code ZIP pw:eip

This repository contains a Perl-based scanner for CVE-2013-1965, a vulnerability in Apache Struts 2. The script can scan multiple IPs, ports, and paths to detect vulnerable Struts 2 instances and potentially execute commands.

Classification

Scanner 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Struts 2

No auth needed

Prerequisites: Network access to the target · Apache Struts 2 instance with vulnerable configuration

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Apache Struts2 S2-012 RCE

CRITICALby pikpikcu

Shodan: http.html:"apache struts" || http.title:"struts2 showcase" || http.html:"struts problem report"

FOFA: body="struts problem report" || title="struts2 showcase" || body="apache struts"

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

http://struts.apache.org/development/2.x/docs/s2-012.html

Third Party Advisory, VDB Entry x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=967655

Third Party Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/60082

Scores

EPSS 0.9179

EPSS Percentile 99.7%

Details

CWE

CWE-94

Status published

Products (3)

apache/struts 2.0.0 - 2.3.14.1

apache/struts2-showcase 2.0.0 - 2.3.13

org.apache.struts/struts2-core 0 - 2.3.14.3Maven

Published Jul 10, 2013

Tracked Since Feb 18, 2026