CVE-2018-11776

Known Exploited Public Exploit

Description

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

8.1

CVSS

Severity: High

CVSS 3.1 •

CVSS 2.0 •

EPSS 94.43% Top 5%

KEV Since

Third-Party Advisory packetstormsecurity.com Third-Party Advisory arubanetworks.com Third-Party Advisory oracle.com Third-Party Advisory oracle.com Third-Party Advisory securityfocus.com Third-Party Advisory securitytracker.com Third-Party Advisory securitytracker.com Third-Party Advisory apache.org Third-Party Advisory github.com Third-Party Advisory lgtm.com Third-Party Advisory sonicwall.com Third-Party Advisory netapp.com Third-Party Advisory netapp.com Third-Party Advisory exploit-db.com Third-Party Advisory exploit-db.com Third-Party Advisory exploit-db.com Third-Party Advisory oracle.com Third-Party Advisory oracle.com

Affected: Apache Software Foundation Apache Struts

References

Link	Tags
http://www.securitytracker.com/id/1041888	vdb entry third party advisory broken link
https://www.exploit-db.com/exploits/45367/	exploit vdb entry third party advisory
https://www.exploit-db.com/exploits/45262/	exploit vdb entry third party advisory
http://www.securityfocus.com/bid/105125	vdb entry third party advisory broken link
http://www.securitytracker.com/id/1041547	vdb entry third party advisory broken link
https://www.exploit-db.com/exploits/45260/	exploit vdb entry third party advisory
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E	mailing list
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	third party advisory patch
https://www.oracle.com/security-alerts/cpujul2020.html	third party advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	third party advisory patch
https://security.netapp.com/advisory/ntap-20181018-0002/	third party advisory
https://cwiki.apache.org/confluence/display/WW/S2-057	issue tracking third party advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012	third party advisory
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html	third party advisory patch
https://lgtm.com/blog/apache_struts_CVE-2018-11776	third party advisory exploit
https://security.netapp.com/advisory/ntap-20180822-0001/	third party advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt	mailing list third party advisory broken link
https://github.com/hook-s3c/CVE-2018-11776-Python-PoC	third party advisory exploit
http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html	vdb entry third party advisory

Frequently Asked Questions

What is the severity of CVE-2018-11776?: CVE-2018-11776 has been scored as a high severity vulnerability.
How to fix CVE-2018-11776?: To fix CVE-2018-11776, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-11776 being actively exploited in the wild?: It is confirmed that CVE-2018-11776 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~94% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-11776?: CVE-2018-11776 affects Apache Software Foundation Apache Struts.