Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net


It is possible to perform a RCE attack when the namespace value isn't set for a result defined in underlying xml configurations and in the same time, its upper action(s) configurations have no or wildcard namespace. The Same possibility when using the url tag which doesn't have value and action set and in the same time, its upper action(s) configurations have no or wildcard namespace. -- Apache Struts2 Team 2018 8 May 23, Apache Strust2 released the latest security Bulletin, the Apache Struts2 there is a remote code execution of high-risk vulnerability by Semmle Security Research team of security researchers reporting vulnerabilities number of CVE-2018-11776(S2-057 in. Struts2 in XML configuration, if the namespace value is not set and the Action Configuration is not set or wildcard namespace may lead to remote code execution. 0x01 vulnerability affect Affect Determining CVE-2018-11776 as a high-risk vulnerability. The actual scene there are some limitations that need to meet certain conditions. Impact version Struts 2.3 to 2.3.34 The Struts 2.5 to 2.5.16 Fix version The Struts 2.3.35 The Struts 2.5.17 0x02 vulnerability verification ! [](/Article/UploadPic/2018-8/2018823153240150. png) Incoming OGNL expression${2333+2333} ! [](/Article/UploadPic/2018-8/2018823153240244. png) Success with the execution of the function, and perform ! [](/Article/UploadPic/2018-8/2018823153240318. png) Returns the result to the URL 0x03 repair recommendations The official recommended to upgrade the Struts to 2. 3. 35 version or 2. 5. 17 version The updated version there are no compatibility issues 0x04 timeline 2018-08-22 vulnerability disclosure 2018-08-22 360CERT publish early warning analysis advertisement