CVE-2013-2248

Apache Struts 2.0.0-2.3.15 - Open Redirect via redirect: or redirectAction: Prefix

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2248. PoCs published by Takeshi Terada. A Nuclei detection template is also available.

AI-analyzed exploit summary: The provided text describes an open-redirection vulnerability in Apache Struts versions prior to 2.3.15.1. It includes example URLs demonstrating how an attacker could exploit the vulnerability by crafting URIs with malicious redirect parameters.

Description

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by Takeshi Terada · text · remote · multiple
https://www.exploit-db.com/exploits/38666

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Apache Struts 2.0.0 to 2.3.15
No auth needed
Prerequisites: Victim interaction required to follow a crafted URL
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Apache Struts - Multiple Open Redirection Vulnerabilities
MEDIUM · by 0x_Akoko
Shodan: http.html:"apache struts" || http.title:"struts2 showcase" || http.html:"struts problem report"
FOFA: body="struts problem report" || title="struts2 showcase" || body="apache struts"

References (6)

Core References
Vendor Advisory x_refsource_confirm
http://struts.apache.org/release/2.3.x/docs/s2-017.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61196
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64758

Scores

EPSS 0.9195
EPSS Percentile 99.7%

Details

CWE: CWE-20
Status: published
Products (45)
apache/struts 2.0.0
apache/struts 2.0.1
apache/struts 2.0.2
apache/struts 2.0.3
apache/struts 2.0.4
apache/struts 2.0.5
apache/struts 2.0.6
apache/struts 2.0.7
apache/struts 2.0.8
apache/struts 2.0.9
... and 35 more
Published Jul 20, 2013
Tracked Since Feb 18, 2026