Lucene search

K

Apache Struts 2.x Remote Code Execution Vulnerability

🗓️ 24 Aug 2018 00:00:00Reported by Man Yue MoType 
zdt
 zdt
🔗 0day.today👁 236 Views

Apache Struts 2.x Remote Code Execution Vulnerability in 2.3 to 2.3.34 and 2.5 to 2.5.1

Show more
Related
Code
[CVEID]:CVE-2018-11776
[PRODUCT]:Apache Struts
[VERSION]:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16
[PROBLEMTYPE]:Remote Code Execution
[REFERENCES]:https://cwiki.apache.org/confluence/display/WW/S2-057
[DESCRIPTION]:Man Yue Mo from the Semmle Security Research team was
noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16
suffer from possible Remote Code Execution when using results with no
namespace and in same time, its upper action(s) have no or wildcard
namespace. Same possibility when using url tag which doesnat have value
and action set and in same time, its upper action(s) have no or wildcard
namespace.

#  0day.today [2018-08-28]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
24 Aug 2018 00:00Current
0.7Low risk
Vulners AI Score0.7
EPSS0.973
236
.json
Report