HTTP: Apache Struts 2 Multiple URI Parameters Arbitrary Redirection

This signature detects attempts to exploit a known vulnerability in Apache Struts 2. The vulnerability is due to insufficient validation of user-supplied input. A successful attack could allow the attacker to redirect victims to malicious sites hosting exploits that may aid in further exploitation.

Extended Description

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

Affected Products

Apache Struts

References

BugTraq: 61196

CVE: CVE-2013-2248

Short Name: HTTP:APACHE:STRUTS-URIREDIRECT

Severity: Minor

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: 2 Apache Arbitrary CVE-2013-2248 Multiple Parameters Redirection Struts URI bid:61196

Release Date: 07/22/2013

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3761

False Positive: Unknown

Vendors

Apache

CVSS Score

5.8
