CVE-2013-2115

HIGH

Apache Struts 2.0.0-2.3.14.1 - Remote Code Execution via OGNL Injection in URL/A Tag

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-2115. PoCs published by Metasploit, Coverity Security Research Laboratory, NSFOCUS Security Team, Eric Kobrin and Douglas Rodrigues, including the Metasploit module exploits/multi/http/struts_include_params.

AI-analyzed exploit summary

This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions < 2.3.14.2 by injecting arbitrary OGNL code into the value stack, bypassing Struts and OGNL library protections. It supports multiple platforms (Windows, Linux, Java) and uses HTTP GET or POST requests to upload and execute payloads.

Description

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
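The crafted request the description refers to carries an OGNL expression in a request parameter; because the URL/A tag's includeParams setting copies request parameters into the generated link, the expression is evaluated when the page renders. The following is an added example, not code from this page, from the Metasploit module, or from the Struts project: it shows the detection side, scanning web-server access-log lines for the two OGNL expression delimiters Struts evaluates ("${...}" and "%{...}") and for sandbox-bypass tokens typical of public Struts OGNL payloads, inspecting both parameter names and values and undoing double URL-encoding. The log lines are constructed, and the indicator list is a heuristic assumption rather than something taken from the exploit.

```python
"""Detect Struts OGNL-injection attempts (S2-013/S2-014 style) in access logs.

Added example, not part of the original page or of the Metasploit module. The
sample log lines are constructed, and the indicator list is an assumption drawn
from the general shape of Struts OGNL payloads, not from any specific exploit.
"""
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# The two expression delimiters Struts evaluates, plus tokens that only show up
# in OGNL sandbox-bypass traffic. Assumption: this list is a heuristic.
OGNL_DELIMITERS = ("${", "%{")
OGNL_INDICATORS = (
    "#_memberAccess",
    "allowStaticMethodAccess",
    "denyMethodExecution",
    "@java.lang.Runtime@",
    "@java.lang.ProcessBuilder@",
    "#context[",
)

# Combined log format: client ident user [timestamp] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def decode_repeatedly(s, rounds=3):
    """Percent-decode until stable, so %2524 -> %24 -> $ is caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def ognl_findings(target):
    """Return the sorted list of OGNL indicators found in a request target.

    Parameter names and values are both inspected, because includeParams
    re-renders every request parameter into the generated URL.
    """
    query = urlsplit(target).query
    found = set()
    for name, value in parse_qsl(query, keep_blank_values=True):
        for piece in (name, value):
            decoded = decode_repeatedly(piece)
            for token in OGNL_DELIMITERS + OGNL_INDICATORS:
                if token in decoded:
                    found.add(token)
    return sorted(found)


def scan_log(lines):
    """Return (client, method, target, findings) for each line with OGNL indicators."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        findings = ognl_findings(m.group("target"))
        if findings:
            hits.append((m.group("client"), m.group("method"), m.group("target"), findings))
    return hits


# Constructed sample traffic (not real logs). Line 2 carries a %{...} expression
# with a sandbox-bypass token in a parameter value; line 3 hides a double-encoded
# ${...} in a parameter name; lines 1 and 4 are benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jul/2013:12:00:01 +0000] "GET /app/index.action?page=1&sort=name HTTP/1.1" 200 4821',
    '203.0.113.7 - - [10/Jul/2013:12:00:02 +0000] "GET /app/index.action?fakeParam=%25%7B%23_memberAccess%5B%27allowStaticMethodAccess%27%5D%3Dtrue%7D HTTP/1.1" 200 4821',
    '203.0.113.7 - - [10/Jul/2013:12:00:03 +0000] "GET /app/index.action?%2524%257Bx%257D=1 HTTP/1.1" 500 312',
    '10.0.0.9 - - [10/Jul/2013:12:00:04 +0000] "POST /app/login.action HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, method, target, findings in scan_log(SAMPLE_LOG):
        print(f"{client} {method} {target[:60]} -> {findings}")
```

Run against real logs by replacing SAMPLE_LOG with the file's lines; the delimiter check alone is noisy on sites that legitimately pass template syntax in parameters, so weight the sandbox-bypass tokens higher when triaging. Note that the sample POST line shows the limitation of access logs: form bodies are not logged, so a POST-based attempt of the kind the Metasploit module can send would need request-body capture (a WAF or proxy log) to be seen.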

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/25980

This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions < 2.3.14.2 by injecting arbitrary OGNL code into the stack, bypassing Struts and OGNL library protections. It supports multiple platforms (Windows, Linux, Java) and uses HTTP GET or POST requests to upload and execute payloads.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache Struts < 2.3.14.2
No auth needed
Prerequisites: Vulnerable Apache Struts application accessible via HTTP · Network connectivity to the target
devstral-2 · analyzed Feb 18, 2026
metasploit WORKING POC GREAT
by Coverity Security Research Laboratory, NSFOCUS Security Team, Eric Kobrin, Douglas Rodrigues · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/struts_include_params.rb

Source of the same Metasploit module as the exploit-db entry above; the module description is given there.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache Struts < 2.3.14.2
No auth needed
Prerequisites: Vulnerable Apache Struts application · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (4)

Third Party Advisory, VDB Entry (BID 60167): http://www.securityfocus.com/bid/60167
Issue Tracking (Red Hat Bugzilla 967656): https://bugzilla.redhat.com/show_bug.cgi?id=967656
Vendor Advisory (Apache Struts S2-014): http://struts.apache.org/development/2.x/docs/s2-014.html

Scores

CVSS v3 8.1
EPSS 0.8761
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (3)
apache/struts 2.0.0 - 2.3.14.1
org.apache.struts/struts2-core 2.0.0 to before 2.3.14.2 (Maven)
org.apache.struts.xwork/xwork-core 2.0.0 to before 2.3.14.2 (Maven)
Published Jul 10, 2013
Tracked Since Feb 18, 2026