Apache Struts 2.x Remote Code Execution Vulnerability in 2.3 to 2.3.34 and 2.5 to 2.5.1
[CVEID]:CVE-2018-11776
[PRODUCT]:Apache Struts
[VERSION]:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16
[PROBLEMTYPE]:Remote Code Execution
[REFERENCES]:https://cwiki.apache.org/confluence/display/WW/S2-057
[DESCRIPTION]:Man Yue Mo from the Semmle Security Research team
noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16
suffer from possible Remote Code Execution when using results with no
namespace while, at the same time, their upper action(s) have no or
wildcard namespace. The same possibility exists when using a url tag
which doesn't have value and action set while, at the same time, its
upper action(s) have no or wildcard namespace.
# 0day.today [2018-08-28] #