CVE-2013-2134

EXPLOITED

Apache Struts 2.0.0-2.3.14.2 - Remote Code Execution via OGNL Expression in Action Name

Title source: llm

Exploitation Summary

CVE-2013-2134 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Jon Passki.

AI-analyzed exploit summary This exploit demonstrates an OGNL expression injection vulnerability in Apache Struts, allowing remote attackers to execute arbitrary commands by manipulating server-side objects via crafted URL parameters.

Description

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jon Passki · textremotemultiple

https://www.exploit-db.com/exploits/38549

View Code ZIP pw:eip

This exploit demonstrates an OGNL expression injection vulnerability in Apache Struts, allowing remote attackers to execute arbitrary commands by manipulating server-side objects via crafted URL parameters.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Apache Struts 2.0.0 through 2.3.14.3

No auth needed

Prerequisites: Access to a vulnerable Apache Struts application

MITRE ATT&CK