CVE-2013-4316
EPSS 6.2%Code injection in Apache Struts
發布日:2022/5/17修改日:2024/12/6
描述
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
受影響套件(2)
- Maven/org.apache.struts:struts2-core>= 2.0.0, < 2.3.15.2
- Maven/org.apache.struts:struts2-rest-plugin>= 2.0.0, < 2.3.15.2
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-4316
- PATCHhttps://github.com/apache/struts
- WEBhttp://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
- WEBhttps://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1
- WEBhttps://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4
- WEBhttp://struts.apache.org/release/2.3.x/docs/s2-019.html