Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

CVE-2013-2251 Apache Struts 2.X OGNL Vulnerability

Published: 2013-08-16
Last Updated: 2013-08-16 17:23:53 UTC
by Kevin Liston (Version: 1)
0 comment(s)

On July 16th, 2013 Apache announced a vulnerability affecting Struts 2.0.0 through 2.3.15 (http://struts.apache.org/release/2.3.x/docs/s2-016.html) and recommended upgrading to 2.3.15.1 (http://struts.apache.org/download.cgi#struts23151).

This week I began to receive reports of scanning and exploitation of this vulnerability.  The first recorded exploit attempt was found from July 17th.  A metasploit module was released July 24th.  On August 12th I received a bulletin detailing exploit attempts targeting this vulnerability.

Keywords: CVE20132251 struts2
0 comment(s)
Diary Archives