CVE-2013-2248 Scanner
CVE-2013-2248 scanner - Open Redirect vulnerability in Apache Struts
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
URL
Toolbox
-
Apache Struts is an open-source web application framework used for developing Java EE web applications. It is widely used by developers due to its scalability, extensibility, and ease of use. The framework was designed to make the development process more efficient and straightforward, providing a large library of pre-built components that developers can use to construct web applications. The framework is widely adopted by many popular websites including LinkedIn, Lockheed Martin, the IRS, and Vodafone.
CVE-2013-2248 is one of the most critical vulnerabilities detected in Apache Struts. This vulnerability allows hackers to conduct open redirect attacks, which can result in phishing attacks and users being redirected to malicious websites. The vulnerability exists in Struts 2.0.0 through 2.3.15 and can be exploited by attackers by injecting malicious code into a parameter in the URL, using either the "redirect:" or "redirectAction:" prefix.
When exploited, this vulnerability can lead to serious consequences, such as users being redirected to phishing sites and their personal information being stolen. Attackers can also use this vulnerability to inject malware into the user's system or even take control of their device. As a result, users can suffer financial loss, identity theft, and many other disturbing consequences.
At s4e.io, we are committed to helping our users stay informed about the latest vulnerabilities and threats that could put their digital assets at risk. With our pro features, users can quickly and easily learn about vulnerabilities in their digital assets and take action to prevent attacks. Our platform offers multiple security features such as web and mobile application scanners, online vulnerability assessment tools, risk management solutions, and much more. By taking advantage of our innovative security solutions, users can stay ahead of security threats and protect their digital assets from cyber-attacks.
REFERENCES
- http://struts.apache.org/release/2.3.x/docs/s2-017.html
- http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
- http://www.securityfocus.com/bid/61196
- http://www.securityfocus.com/bid/64758
