1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Apache Struts CVE-2013-2251 Code Execution

Attack: Apache Struts CVE-2013-2251 Code Execution

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an arbitrary code execution vulnerability in Apache Struts.

Additional Information

Apache Struts is a framework for building web applications.

The application is prone to multiple remote command-execution vulnerabilities. Specifically, these issues occur because the application fails to sanitize user-supplied input submitted to the 'action:', 'redirect:', and 'redirectAction:' parameters.

Affected

  • Apache Struts 2.0.0 prior to 2.3.15.1 are vulnerable.

Response

Updates are available. Please see the references or vendor advisory for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube