Intrusion Prevention



This indicates an attack attempt to exploit a Code Execution vulnerability in Apache Struts OGNL expressions.
The vulnerability is due to flaw in OGNL when the vulnerable application is handling a Wildcard matching the action name of a HTTP request to the server. A remote attacker may be able to exploit this to execute arbitrary code execution within the context of the System, via a crafted HTTP request.

Affected Products

Apache Software Foundation Struts 2 prior to


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's website for suggested workaround.

CVE References

CVE-2013-2134 CVE-2013-2135