Open redirect in Apache Struts

GHSA-rpj9-r897-wc6q · CVE-2013-2248

Published May 17, 2022 · Modified Dec 6, 2024

Description

The Struts 2 DefaultActionMapper used to support a method for short-circuit navigation state changes by prefixing parameters with "redirect:" or "redirectAction:", followed by a desired redirect target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. Attackers could use this to redirect to arbitrary web sites and conduct phishing attacks.

In Struts 2 before 2.3.15.1 the information following "redirect:" or "redirectAction:" can easily be manipulated to redirect to an arbitrary location.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-2248
WEB https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
WEB https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
PACKAGE https://github.com/apache/struts
WEB https://issues.apache.org/jira/browse/WW-4140
WEB http://struts.apache.org/release/2.3.x/docs/s2-017.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes