CVE-2018-11776

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
apacheCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
apachestruts
2.0.4 ≤
𝑥
< 2.3.35
apachestruts
2.5.0 ≤
𝑥
< 2.5.17
netappactive_iq_unified_manager
7.3 ≤
netappactive_iq_unified_manager
9.5 ≤
netapponcommand_insight
-
netapponcommand_workflow_automation
-
netappsnapcenter
-
oraclecommunications_policy_management
𝑥
< 12.5.0
oracleenterprise_manager_base_platform
13.3.0.0
oracleenterprise_manager_base_platform
13.4.0.0
oraclemysql_enterprise_monitor
𝑥
≤ 3.4.9.4237
oraclemysql_enterprise_monitor
4.0.0 ≤
𝑥
≤ 4.0.6.5281
oraclemysql_enterprise_monitor
8.0.0 ≤
𝑥
≤ 8.0.2.8191
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libstruts1.2-java
bionic
dne
xenial
dne
trusty
dne
References
http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/105125
http://www.securitytracker.com/id/1041547
http://www.securitytracker.com/id/1041888
https://cwiki.apache.org/confluence/display/WW/S2-057
https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
https://lgtm.com/blog/apache_struts_CVE-2018-11776
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
https://security.netapp.com/advisory/ntap-20180822-0001/
https://security.netapp.com/advisory/ntap-20181018-0002/
https://www.exploit-db.com/exploits/45260/
https://www.exploit-db.com/exploits/45262/
https://www.exploit-db.com/exploits/45367/
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/105125
http://www.securitytracker.com/id/1041547
http://www.securitytracker.com/id/1041888
https://cwiki.apache.org/confluence/display/WW/S2-057
https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
https://lgtm.com/blog/apache_struts_CVE-2018-11776
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
https://security.netapp.com/advisory/ntap-20180822-0001/
https://security.netapp.com/advisory/ntap-20181018-0002/
https://www.exploit-db.com/exploits/45260/
https://www.exploit-db.com/exploits/45262/
https://www.exploit-db.com/exploits/45367/
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html