cvelistv5 - cve-2018-11776

CVE-2018-11776 (GCVE-0-2018-11776)

Vulnerability from cvelistv5

Published

2018-08-22 13:00

Modified

2025-07-30 01:46

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Remote Code Execution

Summary

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

References

►

URL

	Vendor	Product	Version
	Apache Software Foundation	Apache Struts	Version: 2.3 to 2.3.34 Version: 2.5 to 2.5.16

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2022-05-03

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-11776

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:17:09.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041888",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041888"
          },
          {
            "name": "45367",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45367/"
          },
          {
            "name": "45262",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45262/"
          },
          {
            "name": "105125",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105125"
          },
          {
            "name": "1041547",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041547"
          },
          {
            "name": "45260",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45260/"
          },
          {
            "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-11776",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T21:01:33.678556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:46:12.611Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2018-11776 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Struts",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.3 to 2.3.34"
            },
            {
              "status": "affected",
              "version": "2.5 to 2.5.16"
            }
          ]
        }
      ],
      "datePublic": "2018-08-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T00:00:00.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "1041888",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1041888"
        },
        {
          "name": "45367",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/45367/"
        },
        {
          "name": "45262",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/45262/"
        },
        {
          "name": "105125",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/105125"
        },
        {
          "name": "1041547",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1041547"
        },
        {
          "name": "45260",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/45260/"
        },
        {
          "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
        },
        {
          "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
        },
        {
          "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
        },
        {
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
        },
        {
          "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
        },
        {
          "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-11776",
    "datePublished": "2018-08-22T13:00:00.000Z",
    "dateReserved": "2018-06-05T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:46:12.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2018-11776",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776",
      "product": "Struts",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn\u0027t set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace.  Or, using URL tag which doesn\u0027t have value and action set and in same time, its upper package configuration have no or wildcard namespace.",
      "vendorProject": "Apache",
      "vulnerabilityName": "Apache Struts Remote Code Execution Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-11776\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-08-22T13:29:00.753\",\"lastModified\":\"2025-03-13T21:01:25.353\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace.\"},{\"lang\":\"es\",\"value\":\"Apache Struts, desde la versi\u00f3n 2.3 hasta la 2.3.34 y desde la versi\u00f3n 2.5 hasta la 2.5.16, sufre de una posible ejecuci\u00f3n remota de c\u00f3digo cuando el valor de alwaysSelectFullNamespace es \\\"true\\\" (establecido por el usuario o por un plugin como Convention Plugin). Adem\u00e1s, los resultados se emplean sin ning\u00fan espacio de nombres y, al mismo tiempo, el paquete superior no tiene espacio de nombres o contiene caracteres comod\u00edn. De manera similar a como pasa con los resultados, existe la misma posibilidad al emplear la etiqueta url, que no tiene un valor y acci\u00f3n definidos y, adem\u00e1s, su paquete superior no tiene espacio de nombres o contiene caracteres comod\u00edn.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apache Struts Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.4\",\"versionEndExcluding\":\"2.3.35\",\"matchCriteriaId\":\"688F84A7-B698-4343-9F7B-FD68B2218035\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndExcluding\":\"2.5.17\",\"matchCriteriaId\":\"0D66D46C-389B-4C37-9EEE-6301774719FA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"7.3\",\"matchCriteriaId\":\"BD075607-09B7-493E-8611-66D041FFDA62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*\",\"versionStartIncluding\":\"9.5\",\"matchCriteriaId\":\"0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_policy_management:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.5.0\",\"matchCriteriaId\":\"0E8AF73E-8AC6-4F65-A6F0-DBB2CC7A613F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7582B307-3899-4BBB-B868-BC912A4D0109\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.4.9.4237\",\"matchCriteriaId\":\"8A94B32D-6B5F-4E42-8345-4F9126A89435\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.0.6.5281\",\"matchCriteriaId\":\"EF71D94F-EFC5-4390-A380-AC0E5DB05516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.2.8191\",\"matchCriteriaId\":\"33EFAF19-A639-47AD-9CDC-D174C91F0F00\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\",\"Broken Link\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105125\",\"source\":\"security@apache.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041547\",\"source\":\"security@apache.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041888\",\"source\":\"security@apache.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cwiki.apache.org/confluence/display/WW/S2-057\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lgtm.com/blog/apache_struts_CVE-2018-11776\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180822-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181018-0002/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45260/\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/45262/\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/45367/\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\",\"Broken Link\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cwiki.apache.org/confluence/display/WW/S2-057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lgtm.com/blog/apache_struts_CVE-2018-11776\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180822-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181018-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45260/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/45262/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/45367/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securitytracker.com/id/1041888\", \"name\": \"1041888\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/45367/\", \"name\": \"45367\", \"tags\": [\"exploit\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/45262/\", \"name\": \"45262\", \"tags\": [\"exploit\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/105125\", \"name\": \"105125\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1041547\", \"name\": \"1041547\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/45260/\", \"name\": \"45260\", \"tags\": [\"exploit\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20200131 Apache Software Foundation Security Report: 2019\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20181018-0002/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cwiki.apache.org/confluence/display/WW/S2-057\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lgtm.com/blog/apache_struts_CVE-2018-11776\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180822-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T08:17:09.231Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-11776\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-06T21:01:33.678556Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-11776\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T21:00:58.746Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00+00:00\", \"value\": \"CVE-2018-11776 added to CISA KEV\"}]}], \"cna\": {\"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Struts\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.3 to 2.3.34\"}, {\"status\": \"affected\", \"version\": \"2.5 to 2.5.16\"}]}], \"datePublic\": \"2018-08-22T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.securitytracker.com/id/1041888\", \"name\": \"1041888\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/45367/\", \"name\": \"45367\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.exploit-db.com/exploits/45262/\", \"name\": \"45262\", \"tags\": [\"exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/105125\", \"name\": \"105125\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041547\", \"name\": \"1041547\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/45260/\", \"name\": \"45260\", \"tags\": [\"exploit\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20200131 Apache Software Foundation Security Report: 2019\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20181018-0002/\"}, {\"url\": \"https://cwiki.apache.org/confluence/display/WW/S2-057\"}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html\"}, {\"url\": \"https://lgtm.com/blog/apache_struts_CVE-2018-11776\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180822-0001/\"}, {\"url\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt\"}, {\"url\": \"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC\"}, {\"url\": \"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Remote Code Execution\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-06-12T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-11776\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-28T19:48:28.536Z\", \"dateReserved\": \"2018-06-05T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2018-08-22T13:00:00.000Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2018-11776

Vulnerability from fkie_nvd

Published

2018-08-22 13:29

Modified

2025-03-13 21:01

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
security@apache.org	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt	Mailing List, Third Party Advisory, Broken Link
security@apache.org	http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html	Patch, Third Party Advisory
security@apache.org	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch, Third Party Advisory
security@apache.org	http://www.securityfocus.com/bid/105125	Broken Link, Third Party Advisory, VDB Entry
security@apache.org	http://www.securitytracker.com/id/1041547	Broken Link, Third Party Advisory, VDB Entry
security@apache.org	http://www.securitytracker.com/id/1041888	Broken Link, Third Party Advisory, VDB Entry
security@apache.org	https://cwiki.apache.org/confluence/display/WW/S2-057	Issue Tracking, Third Party Advisory
security@apache.org	https://github.com/hook-s3c/CVE-2018-11776-Python-PoC	Exploit, Third Party Advisory
security@apache.org	https://lgtm.com/blog/apache_struts_CVE-2018-11776	Exploit, Third Party Advisory
security@apache.org	https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E	Mailing List
security@apache.org	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012	Third Party Advisory
security@apache.org	https://security.netapp.com/advisory/ntap-20180822-0001/	Third Party Advisory
security@apache.org	https://security.netapp.com/advisory/ntap-20181018-0002/	Third Party Advisory
security@apache.org	https://www.exploit-db.com/exploits/45260/	Exploit, Third Party Advisory, VDB Entry
security@apache.org	https://www.exploit-db.com/exploits/45262/	Exploit, Third Party Advisory, VDB Entry
security@apache.org	https://www.exploit-db.com/exploits/45367/	Exploit, Third Party Advisory, VDB Entry
security@apache.org	https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
security@apache.org	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt	Mailing List, Third Party Advisory, Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105125	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041547	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041888	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cwiki.apache.org/confluence/display/WW/S2-057	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/hook-s3c/CVE-2018-11776-Python-PoC	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lgtm.com/blog/apache_struts_CVE-2018-11776	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20180822-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20181018-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45260/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45262/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45367/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
apache	struts	*
apache	struts	*
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	snapcenter	-
oracle	communications_policy_management	*
oracle	enterprise_manager_base_platform	13.3.0.0
oracle	enterprise_manager_base_platform	13.4.0.0
oracle	mysql_enterprise_monitor	*
oracle	mysql_enterprise_monitor	*
oracle	mysql_enterprise_monitor	*

JSON

To clipboard

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Apache Struts Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "688F84A7-B698-4343-9F7B-FD68B2218035",
              "versionEndExcluding": "2.3.35",
              "versionStartIncluding": "2.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D66D46C-389B-4C37-9EEE-6301774719FA",
              "versionEndExcluding": "2.5.17",
              "versionStartIncluding": "2.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8AF73E-8AC6-4F65-A6F0-DBB2CC7A613F",
              "versionEndExcluding": "12.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A94B32D-6B5F-4E42-8345-4F9126A89435",
              "versionEndIncluding": "3.4.9.4237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF71D94F-EFC5-4390-A380-AC0E5DB05516",
              "versionEndIncluding": "4.0.6.5281",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33EFAF19-A639-47AD-9CDC-D174C91F0F00",
              "versionEndIncluding": "8.0.2.8191",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace."
    },
    {
      "lang": "es",
      "value": "Apache Struts, desde la versi\u00f3n 2.3 hasta la 2.3.34 y desde la versi\u00f3n 2.5 hasta la 2.5.16, sufre de una posible ejecuci\u00f3n remota de c\u00f3digo cuando el valor de alwaysSelectFullNamespace es \"true\" (establecido por el usuario o por un plugin como Convention Plugin). Adem\u00e1s, los resultados se emplean sin ning\u00fan espacio de nombres y, al mismo tiempo, el paquete superior no tiene espacio de nombres o contiene caracteres comod\u00edn. De manera similar a como pasa con los resultados, existe la misma posibilidad al emplear la etiqueta url, que no tiene un valor y acci\u00f3n definidos y, adem\u00e1s, su paquete superior no tiene espacio de nombres o contiene caracteres comod\u00edn."
    }
  ],
  "id": "CVE-2018-11776",
  "lastModified": "2025-03-13T21:01:25.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2018-08-22T13:29:00.753",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory",
        "Broken Link"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105125"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041547"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041888"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45260/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45262/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45367/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory",
        "Broken Link"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45260/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45262/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45367/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-cr6j-3jp9-rw65

Vulnerability from github

Published

2018-10-18 19:24

Modified

2024-07-25 20:16

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

Details

Apache Struts contains a Remote Code Execution when using results with no namespace and it's upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and it's upper actions have no or wildcard namespace.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.3.34"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.4"
            },
            {
              "fixed": "2.3.35"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.5.16"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5"
            },
            {
              "fixed": "2.5.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-11776"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:32:43Z",
    "nvd_published_at": "2018-08-22T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "Apache Struts contains a Remote Code Execution when using results with no namespace and it\u0027s upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set,  and it\u0027s upper actions have no or wildcard namespace.",
  "id": "GHSA-cr6j-3jp9-rw65",
  "modified": "2024-07-25T20:16:22Z",
  "published": "2018-10-18T19:24:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45367"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45262"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45260"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20181018-0002"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20180822-0001"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/struts"
    },
    {
      "type": "WEB",
      "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105125"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041547"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041888"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Struts vulnerable to remote command execution (RCE) due to improper input validation"
}

cisco-sa-20180823-apache-struts

Vulnerability from csaf_cisco

Published

2018-08-23 20:00

Modified

2018-09-17 18:52

Summary

Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

Notes

Summary

A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action. In cases where upper actions or configurations also have no namespace or a wildcard namespace, an attacker could exploit this vulnerability by sending a request that submits malicious input to the affected application for processing. If successful, the attacker could execute arbitrary code in the security context of the affected application on the targeted system. The following Snort rules can be used to detect possible exploitation of this vulnerability: Snort SID 29639, 39190, 39191, and 47634 This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts"]

Affected Products

The Vulnerable Products ["#vulnerable"] section includes Cisco bug IDs for each affected product or service. The bugs are accessible through the Cisco Bug Search Tool ["https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID"] and contain additional platform-specific information, including workarounds (if available) and fixed software releases. Any product or service not listed in the Vulnerable Products ["#vulnerable"] section of this advisory is to be considered not vulnerable.

Vulnerable Products

Vulnerable products marked with an asterisk (*) contain an affected Struts library, but due to how the library is used within the product, these products are not vulnerable to any of the exploitation vectors known to Cisco at the time of publication. The following table lists Cisco products that are affected by the vulnerability that is described in this advisory: Product Cisco Bug ID Fixed Release Availability Collaboration and Social Media Cisco SocialMiner * CSCvk78903 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78903"] Patch available 11-Sept-2018 Endpoint Clients and Client Software Cisco Prime Service Catalog * CSCvm13989 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13989"] Network and Content Security Devices Cisco Identity Services Engine (ISE) CSCvm14030 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14030"] Patch file available 31-Aug-2018 Voice and Unified Communications Devices Cisco Emergency Responder * CSCvm14044 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14044"] 1151es (21-Sep-2018) Standalone COP (21-Sep-2018) Cisco Finesse * CSCvk78905 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78905"] Patch file available 7-Sept-2018. Cisco Hosted Collaboration Solution for Contact Center * CSCvm14052 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14052"] Patch file available 12-Sep-2018 Cisco MediaSense * CSCvk78906 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78906"] Patch file available 12-Sep-2018 Cisco Unified Communications Manager * CSCvm14042 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14042"] 1151es and 1201es (14-Sep-2018) Standalone COP (20-Sep-2018) Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) * CSCvm14049 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14049"] 1151es and 1201es (21-Sep-2018) Standalone COP (20-Sep-2018) Cisco Unified Contact Center Enterprise * CSCvm13986 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986"] Patch file available 12-Sept-2018 Cisco Unified Contact Center Enterprise - Live Data server * CSCvk78902 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78902"] Patch file available 7-Sept-2018 Cisco Unified Contact Center Express * CSCvm21744 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm21744"] Patch file available 12-Sep-2018 Cisco Unified Intelligence Center * CSCvm13984 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13984"] Patch file available 12-Sep-2018 Cisco Unified Intelligent Contact Management Enterprise * CSCvm13986 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986"] Patch file available 12-Sept-2018 Cisco Unified SIP Proxy Software * CSCvm13980 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13980"] 918es (28-Sep-2018) Cisco Unified Survivable Remote Site Telephony Manager * CSCvm13979 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13979"] Patch file available 12-Sep-2018 Cisco Unity Connection * CSCvm14043 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14043"] 1151es and 1201su (18-Sep-2018) Standalone COP (21-Sep-2018) Cisco Virtualized Voice Browser * CSCvm14056 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14056"] Patch file available 12-Sep-2018 Video, Streaming, TelePresence, and Transcoding Devices Cisco Video Distribution Suite for Internet Streaming (VDS-IS) * CSCvm14027 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14027"] 2.3.35 (15-Sept-2018) Cisco Cloud Hosted Services Cisco Network Performance Analysis CSCvm14040 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14040"]

Products Confirmed Not Vulnerable

Only products and services listed in the Vulnerable Products ["#vulnerable"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following products and services. All members of the product families in the following list are not considered to be affected by this vulnerability unless they are explicitly listed in the preceding Vulnerable Products ["#vulnerable"] section: Cable Modems Cisco 3G Femtocell Wireless Network Application, Service, and Acceleration Cisco Data Center Network Manager Network and Content Security Devices Cisco Secure Access Control System (ACS) Network Management and Provisioning Cisco MXE 3500 Series Media Experience Engines Cisco Prime Access Registrar Cisco Prime Central for Service Providers Cisco Prime Collaboration Assurance Cisco Prime Collaboration Provisioning Cisco Prime Infrastructure Cisco Prime LAN Management Solution - Solaris Cisco Prime License Manager Cisco Prime Network Registrar IP Address Manager (IPAM) Cisco Prime Network Cisco Prime Order Management Cisco Prime Provisioning Cisco Security Manager Cisco Smart Net Total Care - Local Collector appliance Routing and Switching - Enterprise and Service Provider Cisco Broadband Access Center for Telco and Wireless Voice and Unified Communications Devices Cisco Enterprise Chat and Email Cisco Hosted Collaboration Mediation Fulfillment Cisco Unified Customer Voice Portal Cisco Unified E-Mail Interaction Manager Cisco Unified Web Interaction Manager Cisco Unity Express Video, Streaming, TelePresence, and Transcoding Devices Cisco Enterprise Content Delivery System (ECDS) Cisco Expressway Series Cisco TelePresence Video Communication Server (VCS) Cisco Cloud Hosted Services Cisco Business Video Services Automation Software Cisco Cloud Web Security Cisco Deployment Automation Tool Cisco Network Device Security Assessment Service Cisco Services Provisioning Platform Cisco Smart Net Total Care - Contracts Information System Process Controller Cisco Smart Net Total Care Cisco Unified Service Delivery Platform Cisco Webex Meeting Center - Windows Cisco Webex Meeting Center Cisco Webex Network-Based Recording (NBR) Management Cisco Webex Teams (formerly Cisco Spark) Cloud and Managed Services Program (CMSP)

Workarounds

Any workarounds for a specific Cisco product or service will be documented in product-specific or service-specific Cisco bugs, which are identified in the Vulnerable Products ["#vulnerable"] section of this advisory.

Fixed Software

For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products ["#vulnerable"] section of this advisory. Questions concerning the Cisco Webex environment can be directed to the Cisco Technical Assistance Center (TAC). When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco TAC or their contracted maintenance providers.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is aware of attempted exploitation of this vulnerability.

Source

On August 22, 2018, the Apache Software Foundation publicly disclosed this vulnerability in a security bulletin at the following link: https://cwiki.apache.org/confluence/display/WW/S2-057 ["https://cwiki.apache.org/confluence/display/WW/S2-057"]

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "On August 22, 2018, the Apache Software Foundation publicly disclosed this vulnerability in a security bulletin at the following link: https://cwiki.apache.org/confluence/display/WW/S2-057 [\"https://cwiki.apache.org/confluence/display/WW/S2-057\"]"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.\r\n\r\nThe vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action. In cases where upper actions or configurations also have no namespace or a wildcard namespace, an attacker could exploit this vulnerability by sending a request that submits malicious input to the affected application for processing. If successful, the attacker could execute arbitrary code in the security context of the affected application on the targeted system.\r\nThe following  Snort rules can be used to detect possible exploitation of this  vulnerability: Snort SID 29639, 39190, 39191, and 47634\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts\"]",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "The Vulnerable Products [\"#vulnerable\"] section includes Cisco bug IDs for each affected product or service. The bugs are accessible through the Cisco Bug Search Tool [\"https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID\"] and contain additional platform-specific information, including workarounds (if available) and fixed software releases.\r\n\r\nAny product or service not listed in the Vulnerable Products [\"#vulnerable\"] section of this advisory is to be considered not vulnerable.",
        "title": "Affected Products"
      },
      {
        "category": "general",
        "text": "Vulnerable products marked with an asterisk (*) contain an affected Struts library, but due to how the library is used within the product, these products are not vulnerable to any of the exploitation vectors known to Cisco at the time of publication.\r\n\r\nThe following table lists Cisco products that are affected by the vulnerability that is described in this advisory:\r\n                                Product              Cisco Bug ID              Fixed Release Availability                                  Collaboration and Social Media                                  Cisco SocialMiner *              CSCvk78903 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78903\"]              Patch available 11-Sept-2018                                  Endpoint Clients and Client Software                                  Cisco Prime Service Catalog *              CSCvm13989 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13989\"]                                                Network and Content Security Devices                                  Cisco Identity Services Engine (ISE)              CSCvm14030 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14030\"]              Patch file available 31-Aug-2018                                  Voice and Unified Communications Devices                                  Cisco Emergency Responder *              CSCvm14044 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14044\"]              1151es (21-Sep-2018)\r\nStandalone COP (21-Sep-2018)                                  Cisco Finesse *              CSCvk78905 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78905\"]              Patch file available 7-Sept-2018.                                  Cisco Hosted Collaboration Solution for Contact Center *              CSCvm14052 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14052\"]              Patch file available 12-Sep-2018                                  Cisco MediaSense *              CSCvk78906 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78906\"]              Patch file available 12-Sep-2018                                  Cisco Unified Communications Manager *              CSCvm14042 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14042\"]              1151es and 1201es (14-Sep-2018)\r\nStandalone COP (20-Sep-2018)                                  Cisco Unified Communications Manager IM \u0026 Presence Service (formerly CUPS) *              CSCvm14049 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14049\"]              1151es and 1201es (21-Sep-2018)\r\nStandalone COP (20-Sep-2018)                                  Cisco Unified Contact Center Enterprise *              CSCvm13986 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986\"]              Patch file available 12-Sept-2018                                  Cisco Unified Contact Center Enterprise - Live Data server *              CSCvk78902 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78902\"]              Patch file available 7-Sept-2018                                  Cisco Unified Contact Center Express *              CSCvm21744 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm21744\"]              Patch file available 12-Sep-2018                                  Cisco Unified Intelligence Center *              CSCvm13984 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13984\"]              Patch file available 12-Sep-2018                                  Cisco Unified Intelligent Contact Management Enterprise *              CSCvm13986 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986\"]              Patch file available 12-Sept-2018                                  Cisco Unified SIP Proxy Software *              CSCvm13980 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13980\"]              918es (28-Sep-2018)                                  Cisco Unified Survivable Remote Site Telephony Manager *              CSCvm13979 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13979\"]              Patch file available 12-Sep-2018                                  Cisco Unity Connection *              CSCvm14043 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14043\"]              1151es and 1201su  (18-Sep-2018)\r\nStandalone COP (21-Sep-2018)                                  Cisco Virtualized Voice Browser *              CSCvm14056 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14056\"]              Patch file available 12-Sep-2018                                  Video, Streaming, TelePresence, and Transcoding Devices                                  Cisco Video Distribution Suite for Internet Streaming (VDS-IS) *              CSCvm14027 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14027\"]              2.3.35 (15-Sept-2018)                                  Cisco Cloud Hosted Services                                  Cisco Network Performance Analysis              CSCvm14040 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14040\"]",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products and services listed in the Vulnerable Products [\"#vulnerable\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following products and services. All members of the product families in the following list are not considered to be affected by this vulnerability unless they are explicitly listed in the preceding Vulnerable Products [\"#vulnerable\"] section:\r\n  Cable Modems\r\n\r\nCisco 3G Femtocell Wireless\r\nNetwork Application, Service, and Acceleration\r\n\r\nCisco Data Center Network Manager\r\nNetwork and Content Security Devices\r\n\r\nCisco Secure Access Control System (ACS)\r\nNetwork Management and Provisioning\r\n\r\nCisco MXE 3500 Series Media Experience Engines\r\nCisco Prime Access Registrar\r\nCisco Prime Central for Service Providers\r\nCisco Prime Collaboration Assurance\r\nCisco Prime Collaboration Provisioning\r\nCisco Prime Infrastructure\r\nCisco Prime LAN Management Solution - Solaris\r\nCisco Prime License Manager\r\nCisco Prime Network Registrar IP Address Manager (IPAM)\r\nCisco Prime Network\r\nCisco Prime Order Management\r\nCisco Prime Provisioning\r\nCisco Security Manager\r\nCisco Smart Net Total Care - Local Collector appliance\r\nRouting and Switching - Enterprise and Service Provider\r\n\r\nCisco Broadband Access Center for Telco and Wireless\r\nVoice and Unified Communications Devices\r\n\r\nCisco Enterprise Chat and Email\r\nCisco Hosted Collaboration Mediation Fulfillment\r\nCisco Unified Customer Voice Portal\r\nCisco Unified E-Mail Interaction Manager\r\nCisco Unified Web Interaction Manager\r\nCisco Unity Express\r\nVideo, Streaming, TelePresence, and Transcoding Devices\r\n\r\nCisco Enterprise Content Delivery System (ECDS)\r\nCisco Expressway Series\r\nCisco TelePresence Video Communication Server (VCS)\r\nCisco Cloud Hosted Services\r\n\r\nCisco Business Video Services Automation Software\r\nCisco Cloud Web Security\r\nCisco Deployment Automation Tool\r\nCisco Network Device Security Assessment Service\r\nCisco Services Provisioning Platform\r\nCisco Smart Net Total Care - Contracts Information System Process Controller\r\nCisco Smart Net Total Care\r\nCisco Unified Service Delivery Platform\r\nCisco Webex Meeting Center - Windows\r\nCisco Webex Meeting Center\r\nCisco Webex Network-Based Recording (NBR) Management\r\nCisco Webex Teams (formerly Cisco Spark)\r\nCloud and Managed Services Program (CMSP)",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "Any workarounds for a specific Cisco product or service will be documented in product-specific or service-specific Cisco bugs, which are identified in the Vulnerable Products [\"#vulnerable\"] section of this advisory.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products [\"#vulnerable\"] section of this advisory. Questions concerning the Cisco Webex environment can be directed to the Cisco Technical Assistance Center (TAC).\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco TAC or their contracted maintenance providers.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is aware of attempted exploitation of this vulnerability.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "On August 22, 2018, the Apache Software Foundation publicly disclosed this vulnerability in a security bulletin at the following link: https://cwiki.apache.org/confluence/display/WW/S2-057 [\"https://cwiki.apache.org/confluence/display/WW/S2-057\"]",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
      "issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts"
      },
      {
        "category": "external",
        "summary": "Cisco Bug Search Tool",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID"
      },
      {
        "category": "external",
        "summary": "CSCvk78903",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78903"
      },
      {
        "category": "external",
        "summary": "CSCvm13989",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13989"
      },
      {
        "category": "external",
        "summary": "CSCvm14030",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14030"
      },
      {
        "category": "external",
        "summary": "CSCvm14044",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14044"
      },
      {
        "category": "external",
        "summary": "CSCvk78905",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78905"
      },
      {
        "category": "external",
        "summary": "CSCvm14052",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14052"
      },
      {
        "category": "external",
        "summary": "CSCvk78906",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78906"
      },
      {
        "category": "external",
        "summary": "CSCvm14042",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14042"
      },
      {
        "category": "external",
        "summary": "CSCvm14049",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14049"
      },
      {
        "category": "external",
        "summary": "CSCvm13986",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986"
      },
      {
        "category": "external",
        "summary": "CSCvk78902",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78902"
      },
      {
        "category": "external",
        "summary": "CSCvm21744",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm21744"
      },
      {
        "category": "external",
        "summary": "CSCvm13984",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13984"
      },
      {
        "category": "external",
        "summary": "CSCvm13986",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986"
      },
      {
        "category": "external",
        "summary": "CSCvm13980",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13980"
      },
      {
        "category": "external",
        "summary": "CSCvm13979",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13979"
      },
      {
        "category": "external",
        "summary": "CSCvm14043",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14043"
      },
      {
        "category": "external",
        "summary": "CSCvm14056",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14056"
      },
      {
        "category": "external",
        "summary": "CSCvm14027",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14027"
      },
      {
        "category": "external",
        "summary": "CSCvm14040",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14040"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories and Alerts page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "https://cwiki.apache.org/confluence/display/WW/S2-057",
        "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
      }
    ],
    "title": "Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018",
    "tracking": {
      "current_release_date": "2018-09-17T18:52:00+00:00",
      "generator": {
        "date": "2022-09-03T03:40:59+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-20180823-apache-struts",
      "initial_release_date": "2018-08-23T20:00:00+00:00",
      "revision_history": [
        {
          "date": "2018-08-23T19:59:24+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2018-08-24T18:48:43+00:00",
          "number": "1.1.0",
          "summary": "Added Snort SIDs. Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-08-28T19:24:34+00:00",
          "number": "1.2.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-08-28T22:00:08+00:00",
          "number": "1.3.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-08-29T20:51:13+00:00",
          "number": "1.4.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable, updated the awareness of exploitation attempts."
        },
        {
          "date": "2018-08-30T18:31:56+00:00",
          "number": "1.5.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-08-31T15:43:54+00:00",
          "number": "1.6.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-09-04T16:05:47+00:00",
          "number": "1.7.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-09-05T16:11:33+00:00",
          "number": "1.8.0",
          "summary": "Updated the lists of vulnerable products and products confirmed not vulnerable. Removed references to ongoing investigation."
        },
        {
          "date": "2018-09-06T18:05:26+00:00",
          "number": "1.9.0",
          "summary": "Updated the software availability information for vulnerable products."
        },
        {
          "date": "2018-09-10T16:27:12+00:00",
          "number": "1.10.0",
          "summary": "Updated the list of vulnerable products; in the previous version the asterisk was inadvertently omitted."
        },
        {
          "date": "2018-09-13T14:38:05+00:00",
          "number": "1.11.0",
          "summary": "Updated the software availability information for vulnerable products."
        },
        {
          "date": "2018-09-17T18:52:00+00:00",
          "number": "1.12.0",
          "summary": "Updated the software availability information for vulnerable products."
        }
      ],
      "status": "final",
      "version": "1.12.0"
    }
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-11776",
      "notes": [
        {
          "category": "general",
          "text": "No additional information for this vulneraiblity is currently avaialbe.",
          "title": "No Notes"
        }
      ],
      "release_date": "2018-08-22T16:23:00+00:00",
      "remediations": [
        {
          "category": "none_available",
          "details": "No remediation is available at this time."
        }
      ],
      "title": "Apache Struts Namespace Remote Code Execution Vulnerability"
    }
  ]
}

gsd-2018-11776

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-11776

Aliases

CVE-2018-11776

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-11776",
    "description": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace.",
    "id": "GSD-2018-11776",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-11776.html",
      "https://packetstormsecurity.com/files/cve/CVE-2018-11776"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-11776"
      ],
      "details": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace.",
      "id": "GSD-2018-11776",
      "modified": "2023-12-13T01:22:42.752506Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2018-11776",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "product": "Struts",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 contain a vulnerability which can allow for remote code execution.",
      "vendorProject": "Apache",
      "vulnerabilityName": "Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Remote Code Execution Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2018-08-22T00:00:00",
        "ID": "CVE-2018-11776",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Struts",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.3 to 2.3.34"
                        },
                        {
                          "version_value": "2.5 to 2.5.16"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1041888",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041888"
          },
          {
            "name": "45367",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45367/"
          },
          {
            "name": "45262",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45262/"
          },
          {
            "name": "105125",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105125"
          },
          {
            "name": "1041547",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041547"
          },
          {
            "name": "45260",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45260/"
          },
          {
            "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "refsource": "CONFIRM",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
          },
          {
            "name": "https://cwiki.apache.org/confluence/display/WW/S2-057",
            "refsource": "CONFIRM",
            "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
          },
          {
            "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012",
            "refsource": "CONFIRM",
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
          },
          {
            "name": "https://lgtm.com/blog/apache_struts_CVE-2018-11776",
            "refsource": "MISC",
            "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20180822-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
          },
          {
            "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt",
            "refsource": "CONFIRM",
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
          },
          {
            "name": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC",
            "refsource": "MISC",
            "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
          },
          {
            "name": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.3.1,2.3.34],[2.5.0,2.5.16]",
          "affected_versions": "All versions starting from 2.3.1 up to 2.3.34, all versions starting from 2.5.0 up to 2.5.16",
          "credit": "Man Yue Mo from the Semmle Security Research team",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2020-01-31",
          "description": "Apache Struts suffers from RCE when `alwaysSelectFullNamespace` is true (either by user or a plugin like Convention Plugin).",
          "fixed_versions": [
            "2.3.35",
            "2.5.17"
          ],
          "identifier": "CVE-2018-11776",
          "identifiers": [
            "CVE-2018-11776"
          ],
          "not_impacted": "All versions before 2.3.1, all versions after 2.3.34 before 2.5.0, all versions after 2.5.16",
          "package_slug": "maven/org.apache.struts/struts2-core",
          "pubdate": "2018-08-22",
          "solution": "Upgrade to versions 2.3.35, 2.5.17 or above.",
          "title": "Remote Code Execution",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-11776",
            "http://www.securityfocus.com/bid/105125",
            "http://www.securitytracker.com/id/1041547",
            "http://www.securitytracker.com/id/1041888",
            "https://cwiki.apache.org/confluence/display/WW/S2-057",
            "https://www.exploit-db.com/exploits/45260/",
            "https://www.exploit-db.com/exploits/45262/",
            "https://www.exploit-db.com/exploits/45367/",
            "https://access.redhat.com/security/cve/CVE-2018-11776",
            "https://struts.apache.org/docs/s2-057.html"
          ],
          "uuid": "10851920-6674-4061-bf61-9ca71fbce9b0"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.16",
                "versionStartIncluding": "2.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.34",
                "versionStartIncluding": "2.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2018-11776"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cwiki.apache.org/confluence/display/WW/S2-057",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180822-0001/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
            },
            {
              "name": "1041547",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041547"
            },
            {
              "name": "105125",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105125"
            },
            {
              "name": "https://lgtm.com/blog/apache_struts_CVE-2018-11776",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
            },
            {
              "name": "45262",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45262/"
            },
            {
              "name": "45260",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45260/"
            },
            {
              "name": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
            },
            {
              "name": "45367",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45367/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
            },
            {
              "name": "1041888",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041888"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-06-12T07:15Z",
      "publishedDate": "2018-08-22T13:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-11776 (GCVE-0-2018-11776)

Vulnerability from cvelistv5

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

fkie_cve-2018-11776

Vulnerability from fkie_nvd

ghsa-cr6j-3jp9-rw65

Vulnerability from github

cisco-sa-20180823-apache-struts

Vulnerability from csaf_cisco

gsd-2018-11776

Vulnerability from gsd

Tags

Sightings

Nomenclature