Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn’t have value and action set and in same time, its upper action(s) have no or wildcard namespace. (CVE-2018-11776)

Impact

There is no impact; F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq4.6.0
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-ip afmeq11.5.1
big-ip afmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	4.6.0
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2

Rows per page:

1-10 of 2011

zdt 4

ibm 8

threatpost 20

dsquare 1

nessus 7

packetstorm 3

exploitpack 1

redhatcve 1

talosblog 1

osv 2

metasploit 1

cisco 1

openvas 3

kitploit 5

nuclei 1

qualysblog 3

prion 1

veracode 1

akamaiblog 1

myhack58 3

checkpoint_advisories 1

github 2

ubuntucve 1

attackerkb 3

trendmicroblog 1

impervablog 2

krebs 1

cisa_kev 1

cve 1

exploitdb 1

githubexploit 3

thn 3

rapid7blog 1

fireeye 1

oracle 3

zdt

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) Exploit

2018-08-28 00:00:00

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Exploit

2018-08-28 00:00:00

Apache Struts 2 Namespace Redirect OGNL Injection Exploit

2018-09-08 00:00:00

ibm

Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty

2018-11-12 12:55:02

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Platform Application Center

2018-09-25 13:15:02

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer

2018-09-25 13:15:02

threatpost

Slack Plugs Token Security Hole

2016-04-30 07:25:42

Audit of GitHub SSH Keys Finds Many Still Vulnerable to Old Debian Bug

2015-06-03 07:37:04

Army Research Lab Releases Dshell Forensics Framework

2015-01-30 10:59:44

dsquare

Apache Struts 2 Multiple Tags Result Namespace Handling RCE

2018-10-20 00:00:00

nessus

Apache Struts CVE-2018-11776 Results With No Namespace Remote Code Execution (S2-057) (remote)

2018-08-23 00:00:00

Cisco Unified Communication Manager Apache Struts RCE (CSCvm14042)

2018-09-05 00:00:00

Apache Struts CVE-2018-11776 Results With No Namespace Possible Remote Code Execution (S2-057)

2018-08-22 00:00:00

packetstorm

Apache Struts 2.3 / 2.5 Remote Code Execution

2018-08-26 00:00:00

Apache Struts 2 Namespace Redirect OGNL Injection

2018-09-07 00:00:00

Apache Struts 2.3 / 2.5 Remote Code Execution

2018-08-25 00:00:00

exploitpack

Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (1)

2018-08-26 00:00:00

redhatcve

CVE-2018-11776

2018-08-22 08:49:33

talosblog

Connecting the dots between recently active cryptominers

2018-12-18 08:33:00

osv

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

2018-10-18 19:24:38

CVE-2018-11776

2018-08-22 13:29:00

metasploit

Apache Struts 2 Namespace Redirect OGNL Injection

2018-08-31 18:48:22

cisco

Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

2018-08-23 20:00:00

openvas

Huawei Data Communication: Apache Struts2 S2-057 Remote Code Execution Vulnerability in Some Huawei Products (huawei-sa-20181121-01-struts2)

2020-06-05 00:00:00

Apache Struts Security Update (S2-057) - Version Check

2018-08-23 00:00:00

Apache Struts Security Update (S2-057) - Active Check

2018-08-27 00:00:00

kitploit

Mitaka - A Browser Extension For OSINT Search

2019-09-21 12:00:00

Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts

2018-08-26 21:14:00

Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts

2019-05-12 13:09:00

nuclei

Apache Struts2 S2-057 - Remote Code Execution

2021-02-24 04:29:30

qualysblog

Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug

2018-08-27 18:32:33

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

2018-08-23 20:27:19

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

prion

Remote code execution

2018-08-22 13:29:00

veracode

Remote Code Execution (RCE)

2018-08-22 17:36:38

akamaiblog

Web Application and API Protection -- From SQL Injection to Magecart

2020-09-09 13:00:00

myhack58

Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net

2018-08-23 00:00:00

Apache Struts OGNL injection vulnerability principle with an example-vulnerability warning-the black bar safety net

2019-03-30 00:00:00

S2-057 vulnerability in the original author's README: how to use automated tools find 5 RCE-vulnerability warning-the black bar safety net

2018-08-23 00:00:00

checkpoint_advisories

Apache Struts Remote Code Execution (CVE-2018-11776)

2018-08-23 00:00:00

github

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

2018-10-18 19:24:38

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

ubuntucve

CVE-2018-11776

2018-08-22 00:00:00

attackerkb

CVE-2018-11776

2018-08-22 00:00:00

CVE-2019-0230

2020-09-14 00:00:00

CVE-2022-26134

2022-07-13 00:00:00

trendmicroblog

Server Security for the Modern IT Ecosystem

2019-01-03 15:30:46

impervablog

Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776

2018-08-23 14:25:36

The World’s Most Popular Coding Language Happens to be Most Hackers’ Weapon of Choice

2018-09-26 16:18:36

krebs

Experts Urge Rapid Patching of ‘Struts’ Bug

2018-08-23 20:22:35

cisa_kev

Apache Struts Remote Code Execution Vulnerability

2021-11-03 00:00:00

cve

CVE-2018-11776

2018-08-22 13:29:00

exploitdb

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)

2018-08-26 00:00:00

githubexploit

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

thn

Cisco Issues Security Patch Updates for 32 Flaws in its Products

2018-09-06 08:45:00

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

2018-08-22 14:04:00

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

2021-08-23 13:27:00

rapid7blog

Active Exploitation of Confluence CVE-2022-26134

2022-06-02 23:27:15

fireeye

Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

2020-04-13 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2019

2019-01-15 00:00:00

Oracle Critical Patch Update - October 2018

2018-12-18 00:00:00

Oracle Critical Patch Update Advisory - July 2020

2020-07-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Related for F5:K60499474