Vulnerability CVE-2018-11776


Published: 2018-08-22

Description:
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

See advisories in our WLB2 database:
Topic
Author
Date
High
Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Remote Code Execution PoC
Man Yue Mo
23.08.2018
High
Apache Struts CVE-2018-11776 Exploit (python)
Mazin Ahmed
29.08.2018
High
Apache Struts 2 Namespace Redirect OGNL Injection
wvu
08.09.2018

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Apache -> Struts 

 References:
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/105125
http://www.securitytracker.com/id/1041547
http://www.securitytracker.com/id/1041888
https://cwiki.apache.org/confluence/display/WW/S2-057
https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
https://lgtm.com/blog/apache_struts_CVE-2018-11776
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
https://security.netapp.com/advisory/ntap-20180822-0001/
https://security.netapp.com/advisory/ntap-20181018-0002/
https://www.exploit-db.com/exploits/45260/
https://www.exploit-db.com/exploits/45262/
https://www.exploit-db.com/exploits/45367/
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Copyright 2024, cxsecurity.com

 

Back to Top