CVE-2013-4316

Published: Sep 30, 2013Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

Affected (56)

Products: Apache: Struts · Oracle: Flexcube Private Banking, Mysql Enterprise Monitor, Webcenter Sites

1 product

3 products

Flexcube Private Banking

Mysql Enterprise Monitor

Webcenter Sites

Configuration A

45 vulnerable

Vulnerable Software	Affected Versions
Apache Struts	Version 2.0.0
Apache Struts	Version 2.0.10
Apache Struts	Version 2.0.11.1
Apache Struts	Version 2.0.11.2
Apache Struts	Version 2.0.11
Apache Struts	Version 2.0.12
Apache Struts	Version 2.0.13
Apache Struts	Version 2.0.14
Apache Struts	Version 2.0.1
Apache Struts	Version 2.0.2
Apache Struts	Version 2.0.3
Apache Struts	Version 2.0.4
Apache Struts	Version 2.0.5
Apache Struts	Version 2.0.6
Apache Struts	Version 2.0.7
Apache Struts	Version 2.0.8
Apache Struts	Version 2.0.9
Apache Struts	Version 2.1.0
Apache Struts	Version 2.1.1
Apache Struts	Version 2.1.2
Apache Struts	Version 2.1.3
Apache Struts	Version 2.1.4
Apache Struts	Version 2.1.5
Apache Struts	Version 2.1.6
Apache Struts	Version 2.1.8.1
Apache Struts	Version 2.1.8
Apache Struts	Version 2.2.1.1
Apache Struts	Version 2.2.1
Apache Struts	Version 2.2.3.1
Apache Struts	Version 2.2.3
Apache Struts	Version 2.3.1.1
Apache Struts	Version 2.3.1.2
Apache Struts	Version 2.3.12
Apache Struts	Version 2.3.14.1
Apache Struts	Version 2.3.14.2
Apache Struts	Version 2.3.14.3
Apache Struts	Version 2.3.14
Apache Struts	Version 2.3.15.1
Apache Struts	Version 2.3.15
Apache Struts	Version 2.3.1
Apache Struts	Version 2.3.3
Apache Struts	Version 2.3.4.1
Apache Struts	Version 2.3.4
Apache Struts	Version 2.3.7
Apache Struts	Version 2.3.8

Configuration B

11 vulnerable

Vulnerable Software	Affected Versions
Oracle Flexcube Private Banking	Version 1.7
Oracle Flexcube Private Banking	Version 12.0.1
Oracle Flexcube Private Banking	Version 12.0.2
Oracle Flexcube Private Banking	Version 2.0.1
Oracle Flexcube Private Banking	Version 2.0
Oracle Flexcube Private Banking	Version 2.2.0.1
Oracle Flexcube Private Banking	Version 3.0
Oracle Mysql Enterprise Monitor	Up to 2.3.14
Oracle Mysql Enterprise Monitor	Up to 3.0.4
Oracle Webcenter Sites	Version 11.1.1.6.1
Oracle Webcenter Sites	Version 11.1.1.8.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (10)

http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html

Source: secalert@redhat.com

Patch

http://struts.apache.org/release/2.3.x/docs/s2-019.html

Source: secalert@redhat.com

PatchVendor Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/64758

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029078

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://struts.apache.org/release/2.3.x/docs/s2-019.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/64758

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029078

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.