Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: CVE-2013-2251 Apache Struts 2.X OGNL Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CVE-2013-2251 Apache Struts 2.X OGNL Vulnerability

On July 16th, 2013 Apache announced a vulnerability affecting Struts 2.0.0 through 2.3.15 ( and recommended upgrading to (

This week I began to receive reports of scanning and exploitation of this vulnerability.  The first recorded exploit attempt was found from July 17th.  A metasploit module was released July 24th.  On August 12th I received a bulletin detailing exploit attempts targeting this vulnerability.

Kevin Liston

292 Posts
ISC Handler
Aug 16th 2013

Sign Up for Free or Log In to start participating in the conversation!