CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.976 High
Percentile: 100.0%
It is possible to perform a RCE attack when the namespace value isn’t set for a result defined in underlying xml configurations and at the same time, its upper action(s) configurations have no or wildcard namespace. The same possibility exists when using the url tag which doesn’t have value and action set and at the same time, its upper action(s) configurations have no or wildcard namespace. – Apache Struts2 Team
On 2018-08-23, Apache Struts2 released its latest security bulletin: Apache Struts2 contains a high-risk remote code execution vulnerability, reported by a security researcher of the Semmle Security Research team and numbered CVE-2018-11776 (S2-057). In a Struts2 XML configuration, if the namespace value is not set and the upper action configuration has no namespace or a wildcard namespace, remote code execution may result.
0x01 Vulnerability impact
Impact
CVE-2018-11776 is rated as a high-risk vulnerability.
In real-world scenarios there are some limitations: certain conditions must be met.
Affected versions
Struts 2.3 to 2.3.34
Struts 2.5 to 2.5.16
Fixed versions
Struts 2.3.35
Struts 2.5.17
0x02 Vulnerability verification
![](/Article/UploadPic/2018-8/2018823153240150.png)
Pass in the OGNL expression ${2333+2333}
![](/Article/UploadPic/2018-8/2018823153240244.png)
The expression is successfully brought into the executing function and evaluated
![](/Article/UploadPic/2018-8/2018823153240318.png)
The result is returned in the URL
0x03 Repair recommendations
The official recommendation is to upgrade Struts to version 2.3.35 or version 2.5.17.
The updated versions have no compatibility issues.
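The affected-version ranges and the configuration condition described above can be checked mechanically when triaging which applications to upgrade first. The following Python script is an added example, not code from 360CERT or the Apache Struts project; the function names, the sample struts.xml and the list of result types that take a namespace parameter (redirectAction, chain, postback) are assumptions not stated on this page.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges as listed on this page: 2.3 to 2.3.34 and 2.5 to 2.5.16.
AFFECTED = [((2, 3, 0), (2, 3, 34)), ((2, 5, 0), (2, 5, 16))]
# Assumption (not from this page): result types that accept a "namespace" param.
NS_RESULT_TYPES = {"redirectAction", "chain", "postback"}

def version_affected(version):
    """True if a Struts version string falls inside an affected range."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError("unparseable version: %r" % version)
    nums = [int(n) for n in m.group().split(".")][:3]
    v = tuple(nums + [0] * (3 - len(nums)))
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def risky_results(struts_xml):
    """List (package, action, result) where neither side pins a namespace."""
    findings = []
    for pkg in ET.fromstring(struts_xml).iter("package"):
        ns = pkg.get("namespace")
        if ns and "*" not in ns:
            continue  # package has an explicit, non-wildcard namespace
        for action in pkg.iter("action"):
            for result in action.iter("result"):
                if result.get("type") not in NS_RESULT_TYPES:
                    continue
                pinned = any(p.get("name") == "namespace" and (p.text or "").strip()
                             for p in result.iter("param"))
                if not pinned:
                    findings.append((pkg.get("name"), action.get("name"),
                                     result.get("name", "success")))
    return findings

# Constructed sample configuration, for illustration only.
SAMPLE = """<struts>
  <package name="open">
    <action name="go"><result type="redirectAction">home</result></action>
  </package>
  <package name="wild" namespace="/*">
    <action name="next">
      <result name="done" type="chain"><param name="namespace">/app</param></result>
      <result name="back" type="redirectAction">home</result>
    </action>
  </package>
  <package name="fixed" namespace="/admin">
    <action name="save"><result type="redirectAction">list</result></action>
  </package>
</struts>"""
```

A non-empty list from risky_results on an affected version marks an application to upgrade first; an empty list does not replace the upgrade, since the url tag case quoted above is not inspected.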
0x04 Timeline
2018-08-22 Vulnerability disclosed
2018-08-22 360CERT published an early-warning analysis announcement