cve/2013/CVE-2013-4316.md

CVE-2013-4316

Description

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

POC

Reference

• http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Github

• https://github.com/20142995/pocsuite3
• https://github.com/ARPSyndicate/cvemon
• https://github.com/SexyBeast233/SecBooks
• https://github.com/brunsu/woodswiki
• https://github.com/fupinglee/Struts2_Bugs
• https://github.com/ice0bear14h/struts2scan
• https://github.com/woods-sega/woodswiki