CVE-2013-4316

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html	Patch
http://struts.apache.org/release/2.3.x/docs/s2-019.html	Patch Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html	Third Party Advisory
http://www.securityfocus.com/bid/64758	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029078	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:struts:2.0.0:::::::*
	cpe:2.3:a:apache:struts:2.0.1:::::::*
	cpe:2.3:a:apache:struts:2.0.2:::::::*
	cpe:2.3:a:apache:struts:2.0.3:::::::*
	cpe:2.3:a:apache:struts:2.0.4:::::::*
	cpe:2.3:a:apache:struts:2.0.5:::::::*
	cpe:2.3:a:apache:struts:2.0.6:::::::*
	cpe:2.3:a:apache:struts:2.0.7:::::::*
	cpe:2.3:a:apache:struts:2.0.8:::::::*
	cpe:2.3:a:apache:struts:2.0.9:::::::*
	cpe:2.3:a:apache:struts:2.0.10:::::::*
	cpe:2.3:a:apache:struts:2.0.11:::::::*
	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
	cpe:2.3:a:apache:struts:2.0.12:::::::*
	cpe:2.3:a:apache:struts:2.0.13:::::::*
	cpe:2.3:a:apache:struts:2.0.14:::::::*
	cpe:2.3:a:apache:struts:2.1.0:::::::*
	cpe:2.3:a:apache:struts:2.1.1:::::::*
	cpe:2.3:a:apache:struts:2.1.2:::::::*
	cpe:2.3:a:apache:struts:2.1.3:::::::*
	cpe:2.3:a:apache:struts:2.1.4:::::::*
	cpe:2.3:a:apache:struts:2.1.5:::::::*
	cpe:2.3:a:apache:struts:2.1.6:::::::*
	cpe:2.3:a:apache:struts:2.1.8:::::::*
	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
	cpe:2.3:a:apache:struts:2.2.1:::::::*
	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
	cpe:2.3:a:apache:struts:2.2.3:::::::*
	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
	cpe:2.3:a:apache:struts:2.3.1:::::::*
	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
	cpe:2.3:a:apache:struts:2.3.3:::::::*
	cpe:2.3:a:apache:struts:2.3.4:::::::*
	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
	cpe:2.3:a:apache:struts:2.3.7:::::::*
	cpe:2.3:a:apache:struts:2.3.8:::::::*
	cpe:2.3:a:apache:struts:2.3.12:::::::*
	cpe:2.3:a:apache:struts:2.3.14:::::::*
	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
	cpe:2.3:a:apache:struts:2.3.15:::::::*
	cpe:2.3:a:apache:struts:2.3.15.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:flexcube_private_banking:1.7:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:2.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:3.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.0.2:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:webcenter_sites:11.1.1.6.1:::::::*
	cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:::::::*

History

No history.

Information

Published : 2013-09-30 21:55

Updated : 2024-02-28 12:00

NVD link : CVE-2013-4316

Mitre link : CVE-2013-4316

CVE.ORG link : CVE-2013-4316

JSON object : View

Products Affected

oracle

flexcube_private_banking
mysql_enterprise_monitor
webcenter_sites

apache

struts

CWE

CWE-16

Configuration

CWE-284

Improper Access Control

NVD-CWE-noinfo

10.0 /10