Apache Struts CVE-2013-2251 Input Validation Bypass Vulnerability
Description
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms.
Affected Applications
Apache Struts