Apache Struts CVE-2013-2248 Input Validation Bypass Vulnerability
Description
The Struts 2 DefaultActionMapper used to support a method for short-circuit navigation state changes by prefixing parameters with "redirect:" or "redirectAction:", followed by a desired redirect target expression. This mechanism was intended to help with attaching navigational information to buttons within forms.
Affected Applications
Apache Struts