Описание
Open redirect in Apache Struts
The Struts 2 DefaultActionMapper used to support a method for short-circuit navigation state changes by prefixing parameters with "redirect:" or "redirectAction:", followed by a desired redirect target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. Attackers could use this to redirect to arbitrary web sites and conduct phishing attacks.
In Struts 2 before 2.3.15.1 the information following "redirect:" or "redirectAction:" can easily be manipulated to redirect to an arbitrary location.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-2248
- https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
- https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
- https://issues.apache.org/jira/browse/WW-4140
- http://struts.apache.org/release/2.3.x/docs/s2-017.html
Пакеты
org.apache.struts:struts2-core
< 2.3.15.1
2.3.15.1
Связанные уязвимости
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through ...
Уязвимость реализации механизма сопоставления действий DefaultActionMapper программной платформы Apache Struts, позволяющая нарушителю проводить фишинг-атаки