Red Hat Bugzilla – Bug 986184
CVE-2013-2248 Apache Struts 2 allows open redirects
Last modified: 2015-07-31 06:52:01 EDT
The Struts 2 DefaultActionMapper used to support a method for short-circuit navigation state changes by prefixing parameters with "redirect:" or "redirectAction:", followed by a desired redirect target expression. This mechanism was intended to help with attaching navigational information to buttons within forms.
In Struts 2 before 184.108.40.206 the information following "redirect:" or "redirectAction:" can easily be manipulated to redirect to an arbitrary location.
Upstream Advisory: http://struts.apache.org/release/2.3.x/docs/s2-017.html
Upstream bug: https://issues.apache.org/jira/browse/WW-4140
Upstream commit: https://svn.apache.org/viewvc?view=revision&revision=r1503127
Not Vulnerable. This issue only affects struts 2, it does not affect the versions of struts as shipped with various Red Hat products.