This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:APACHE:STRUTS-URIREDIRECT
|
Severity |
Minor
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Apache Struts 2 Multiple URI Parameters Arbitrary Redirection
|
Release Date |
2013/07/22
|
Update Number |
2283
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Apache Struts 2 Multiple URI Parameters Arbitrary Redirection
This signature detects attempts to exploit a known vulnerability in Apache Struts 2. It is due to insufficient validation of user-supplied input. A successful attack could allow the attacker to redirect victims to malicious sites hosting exploits that may aid in further exploitation.
Extended Description
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
Affected Products
- Apache struts 2.0.0
- Apache struts 2.0.1
- Apache struts 2.0.10
- Apache struts 2.0.11
- Apache struts 2.0.11.1
- Apache struts 2.0.11.2
- Apache struts 2.0.12
- Apache struts 2.0.13
- Apache struts 2.0.14
- Apache struts 2.0.2
- Apache struts 2.0.3
- Apache struts 2.0.4
- Apache struts 2.0.5
- Apache struts 2.0.6
- Apache struts 2.0.7
- Apache struts 2.0.8
- Apache struts 2.0.9
- Apache struts 2.1.0
- Apache struts 2.1.1
- Apache struts 2.1.2
- Apache struts 2.1.3
- Apache struts 2.1.4
- Apache struts 2.1.5
- Apache struts 2.1.6
- Apache struts 2.1.8
- Apache struts 2.1.8.1
- Apache struts 2.2.1
- Apache struts 2.2.1.1
- Apache struts 2.2.3
- Apache struts 2.2.3.1
- Apache struts 2.3.1
- Apache struts 2.3.1.1
- Apache struts 2.3.12
- Apache struts 2.3.1.2
- Apache struts 2.3.14
- Apache struts 2.3.14.1
- Apache struts 2.3.14.2
- Apache struts 2.3.14.3
- Apache struts 2.3.15
- Apache struts 2.3.3
- Apache struts 2.3.4
- Apache struts 2.3.4.1
- Apache struts 2.3.7
- Apache struts 2.3.8
References