cisco-sa-20180823-apache-struts
Vulnerability from csaf_cisco
Published
2018-08-23 20:00
Modified
2018-09-17 18:52
Summary
Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

Notes

Summary
A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action. In cases where upper actions or configurations also have no namespace or a wildcard namespace, an attacker could exploit this vulnerability by sending a request that submits malicious input to the affected application for processing. If successful, the attacker could execute arbitrary code in the security context of the affected application on the targeted system. The following Snort rules can be used to detect possible exploitation of this vulnerability: Snort SID 29639, 39190, 39191, and 47634 This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts"]
Affected Products
The Vulnerable Products ["#vulnerable"] section includes Cisco bug IDs for each affected product or service. The bugs are accessible through the Cisco Bug Search Tool ["https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID"] and contain additional platform-specific information, including workarounds (if available) and fixed software releases. Any product or service not listed in the Vulnerable Products ["#vulnerable"] section of this advisory is to be considered not vulnerable.
Vulnerable Products
Vulnerable products marked with an asterisk (*) contain an affected Struts library, but due to how the library is used within the product, these products are not vulnerable to any of the exploitation vectors known to Cisco at the time of publication. The following table lists Cisco products that are affected by the vulnerability that is described in this advisory: Product Cisco Bug ID Fixed Release Availability Collaboration and Social Media Cisco SocialMiner * CSCvk78903 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78903"] Patch available 11-Sept-2018 Endpoint Clients and Client Software Cisco Prime Service Catalog * CSCvm13989 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13989"] Network and Content Security Devices Cisco Identity Services Engine (ISE) CSCvm14030 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14030"] Patch file available 31-Aug-2018 Voice and Unified Communications Devices Cisco Emergency Responder * CSCvm14044 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14044"] 1151es (21-Sep-2018) Standalone COP (21-Sep-2018) Cisco Finesse * CSCvk78905 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78905"] Patch file available 7-Sept-2018. Cisco Hosted Collaboration Solution for Contact Center * CSCvm14052 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14052"] Patch file available 12-Sep-2018 Cisco MediaSense * CSCvk78906 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78906"] Patch file available 12-Sep-2018 Cisco Unified Communications Manager * CSCvm14042 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14042"] 1151es and 1201es (14-Sep-2018) Standalone COP (20-Sep-2018) Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) * CSCvm14049 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14049"] 1151es and 1201es (21-Sep-2018) Standalone COP (20-Sep-2018) Cisco Unified Contact Center Enterprise * CSCvm13986 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986"] Patch file available 12-Sept-2018 Cisco Unified Contact Center Enterprise - Live Data server * CSCvk78902 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78902"] Patch file available 7-Sept-2018 Cisco Unified Contact Center Express * CSCvm21744 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm21744"] Patch file available 12-Sep-2018 Cisco Unified Intelligence Center * CSCvm13984 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13984"] Patch file available 12-Sep-2018 Cisco Unified Intelligent Contact Management Enterprise * CSCvm13986 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986"] Patch file available 12-Sept-2018 Cisco Unified SIP Proxy Software * CSCvm13980 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13980"] 918es (28-Sep-2018) Cisco Unified Survivable Remote Site Telephony Manager * CSCvm13979 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13979"] Patch file available 12-Sep-2018 Cisco Unity Connection * CSCvm14043 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14043"] 1151es and 1201su (18-Sep-2018) Standalone COP (21-Sep-2018) Cisco Virtualized Voice Browser * CSCvm14056 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14056"] Patch file available 12-Sep-2018 Video, Streaming, TelePresence, and Transcoding Devices Cisco Video Distribution Suite for Internet Streaming (VDS-IS) * CSCvm14027 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14027"] 2.3.35 (15-Sept-2018) Cisco Cloud Hosted Services Cisco Network Performance Analysis CSCvm14040 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14040"]
Products Confirmed Not Vulnerable
Only products and services listed in the Vulnerable Products ["#vulnerable"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following products and services. All members of the product families in the following list are not considered to be affected by this vulnerability unless they are explicitly listed in the preceding Vulnerable Products ["#vulnerable"] section: Cable Modems Cisco 3G Femtocell Wireless Network Application, Service, and Acceleration Cisco Data Center Network Manager Network and Content Security Devices Cisco Secure Access Control System (ACS) Network Management and Provisioning Cisco MXE 3500 Series Media Experience Engines Cisco Prime Access Registrar Cisco Prime Central for Service Providers Cisco Prime Collaboration Assurance Cisco Prime Collaboration Provisioning Cisco Prime Infrastructure Cisco Prime LAN Management Solution - Solaris Cisco Prime License Manager Cisco Prime Network Registrar IP Address Manager (IPAM) Cisco Prime Network Cisco Prime Order Management Cisco Prime Provisioning Cisco Security Manager Cisco Smart Net Total Care - Local Collector appliance Routing and Switching - Enterprise and Service Provider Cisco Broadband Access Center for Telco and Wireless Voice and Unified Communications Devices Cisco Enterprise Chat and Email Cisco Hosted Collaboration Mediation Fulfillment Cisco Unified Customer Voice Portal Cisco Unified E-Mail Interaction Manager Cisco Unified Web Interaction Manager Cisco Unity Express Video, Streaming, TelePresence, and Transcoding Devices Cisco Enterprise Content Delivery System (ECDS) Cisco Expressway Series Cisco TelePresence Video Communication Server (VCS) Cisco Cloud Hosted Services Cisco Business Video Services Automation Software Cisco Cloud Web Security Cisco Deployment Automation Tool Cisco Network Device Security Assessment Service Cisco Services Provisioning Platform Cisco Smart Net Total Care - Contracts Information System Process Controller Cisco Smart Net Total Care Cisco Unified Service Delivery Platform Cisco Webex Meeting Center - Windows Cisco Webex Meeting Center Cisco Webex Network-Based Recording (NBR) Management Cisco Webex Teams (formerly Cisco Spark) Cloud and Managed Services Program (CMSP)
Workarounds
Any workarounds for a specific Cisco product or service will be documented in product-specific or service-specific Cisco bugs, which are identified in the Vulnerable Products ["#vulnerable"] section of this advisory.
Fixed Software
For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products ["#vulnerable"] section of this advisory. Questions concerning the Cisco Webex environment can be directed to the Cisco Technical Assistance Center (TAC). When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco TAC or their contracted maintenance providers.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is aware of attempted exploitation of this vulnerability.
Source
On August 22, 2018, the Apache Software Foundation publicly disclosed this vulnerability in a security bulletin at the following link: https://cwiki.apache.org/confluence/display/WW/S2-057 ["https://cwiki.apache.org/confluence/display/WW/S2-057"]
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.


To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "summary": "On August 22, 2018, the Apache Software Foundation publicly disclosed this vulnerability in a security bulletin at the following link: https://cwiki.apache.org/confluence/display/WW/S2-057 [\"https://cwiki.apache.org/confluence/display/WW/S2-057\"]"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.\r\n\r\nThe vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action. In cases where upper actions or configurations also have no namespace or a wildcard namespace, an attacker could exploit this vulnerability by sending a request that submits malicious input to the affected application for processing. If successful, the attacker could execute arbitrary code in the security context of the affected application on the targeted system.\r\nThe following  Snort rules can be used to detect possible exploitation of this  vulnerability: Snort SID 29639, 39190, 39191, and 47634\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts\"]",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "The Vulnerable Products [\"#vulnerable\"] section includes Cisco bug IDs for each affected product or service. The bugs are accessible through the Cisco Bug Search Tool [\"https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID\"] and contain additional platform-specific information, including workarounds (if available) and fixed software releases.\r\n\r\nAny product or service not listed in the Vulnerable Products [\"#vulnerable\"] section of this advisory is to be considered not vulnerable.",
        "title": "Affected Products"
      },
      {
        "category": "general",
        "text": "Vulnerable products marked with an asterisk (*) contain an affected Struts library, but due to how the library is used within the product, these products are not vulnerable to any of the exploitation vectors known to Cisco at the time of publication.\r\n\r\nThe following table lists Cisco products that are affected by the vulnerability that is described in this advisory:\r\n                                Product              Cisco Bug ID              Fixed Release Availability                                  Collaboration and Social Media                                  Cisco SocialMiner *              CSCvk78903 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78903\"]              Patch available 11-Sept-2018                                  Endpoint Clients and Client Software                                  Cisco Prime Service Catalog *              CSCvm13989 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13989\"]                                                Network and Content Security Devices                                  Cisco Identity Services Engine (ISE)              CSCvm14030 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14030\"]              Patch file available 31-Aug-2018                                  Voice and Unified Communications Devices                                  Cisco Emergency Responder *              CSCvm14044 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14044\"]              1151es (21-Sep-2018)\r\nStandalone COP (21-Sep-2018)                                  Cisco Finesse *              CSCvk78905 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78905\"]              Patch file available 7-Sept-2018.                                  Cisco Hosted Collaboration Solution for Contact Center *              CSCvm14052 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14052\"]              Patch file available 12-Sep-2018                                  Cisco MediaSense *              CSCvk78906 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78906\"]              Patch file available 12-Sep-2018                                  Cisco Unified Communications Manager *              CSCvm14042 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14042\"]              1151es and 1201es (14-Sep-2018)\r\nStandalone COP (20-Sep-2018)                                  Cisco Unified Communications Manager IM \u0026 Presence Service (formerly CUPS) *              CSCvm14049 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14049\"]              1151es and 1201es (21-Sep-2018)\r\nStandalone COP (20-Sep-2018)                                  Cisco Unified Contact Center Enterprise *              CSCvm13986 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986\"]              Patch file available 12-Sept-2018                                  Cisco Unified Contact Center Enterprise - Live Data server *              CSCvk78902 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78902\"]              Patch file available 7-Sept-2018                                  Cisco Unified Contact Center Express *              CSCvm21744 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm21744\"]              Patch file available 12-Sep-2018                                  Cisco Unified Intelligence Center *              CSCvm13984 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13984\"]              Patch file available 12-Sep-2018                                  Cisco Unified Intelligent Contact Management Enterprise *              CSCvm13986 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986\"]              Patch file available 12-Sept-2018                                  Cisco Unified SIP Proxy Software *              CSCvm13980 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13980\"]              918es (28-Sep-2018)                                  Cisco Unified Survivable Remote Site Telephony Manager *              CSCvm13979 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13979\"]              Patch file available 12-Sep-2018                                  Cisco Unity Connection *              CSCvm14043 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14043\"]              1151es and 1201su  (18-Sep-2018)\r\nStandalone COP (21-Sep-2018)                                  Cisco Virtualized Voice Browser *              CSCvm14056 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14056\"]              Patch file available 12-Sep-2018                                  Video, Streaming, TelePresence, and Transcoding Devices                                  Cisco Video Distribution Suite for Internet Streaming (VDS-IS) *              CSCvm14027 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14027\"]              2.3.35 (15-Sept-2018)                                  Cisco Cloud Hosted Services                                  Cisco Network Performance Analysis              CSCvm14040 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14040\"]",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products and services listed in the Vulnerable Products [\"#vulnerable\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following products and services. All members of the product families in the following list are not considered to be affected by this vulnerability unless they are explicitly listed in the preceding Vulnerable Products [\"#vulnerable\"] section:\r\n  Cable Modems\r\n\r\nCisco 3G Femtocell Wireless\r\nNetwork Application, Service, and Acceleration\r\n\r\nCisco Data Center Network Manager\r\nNetwork and Content Security Devices\r\n\r\nCisco Secure Access Control System (ACS)\r\nNetwork Management and Provisioning\r\n\r\nCisco MXE 3500 Series Media Experience Engines\r\nCisco Prime Access Registrar\r\nCisco Prime Central for Service Providers\r\nCisco Prime Collaboration Assurance\r\nCisco Prime Collaboration Provisioning\r\nCisco Prime Infrastructure\r\nCisco Prime LAN Management Solution - Solaris\r\nCisco Prime License Manager\r\nCisco Prime Network Registrar IP Address Manager (IPAM)\r\nCisco Prime Network\r\nCisco Prime Order Management\r\nCisco Prime Provisioning\r\nCisco Security Manager\r\nCisco Smart Net Total Care - Local Collector appliance\r\nRouting and Switching - Enterprise and Service Provider\r\n\r\nCisco Broadband Access Center for Telco and Wireless\r\nVoice and Unified Communications Devices\r\n\r\nCisco Enterprise Chat and Email\r\nCisco Hosted Collaboration Mediation Fulfillment\r\nCisco Unified Customer Voice Portal\r\nCisco Unified E-Mail Interaction Manager\r\nCisco Unified Web Interaction Manager\r\nCisco Unity Express\r\nVideo, Streaming, TelePresence, and Transcoding Devices\r\n\r\nCisco Enterprise Content Delivery System (ECDS)\r\nCisco Expressway Series\r\nCisco TelePresence Video Communication Server (VCS)\r\nCisco Cloud Hosted Services\r\n\r\nCisco Business Video Services Automation Software\r\nCisco Cloud Web Security\r\nCisco Deployment Automation Tool\r\nCisco Network Device Security Assessment Service\r\nCisco Services Provisioning Platform\r\nCisco Smart Net Total Care - Contracts Information System Process Controller\r\nCisco Smart Net Total Care\r\nCisco Unified Service Delivery Platform\r\nCisco Webex Meeting Center - Windows\r\nCisco Webex Meeting Center\r\nCisco Webex Network-Based Recording (NBR) Management\r\nCisco Webex Teams (formerly Cisco Spark)\r\nCloud and Managed Services Program (CMSP)",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "Any workarounds for a specific Cisco product or service will be documented in product-specific or service-specific Cisco bugs, which are identified in the Vulnerable Products [\"#vulnerable\"] section of this advisory.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products [\"#vulnerable\"] section of this advisory. Questions concerning the Cisco Webex environment can be directed to the Cisco Technical Assistance Center (TAC).\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco TAC or their contracted maintenance providers.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is aware of attempted exploitation of this vulnerability.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "On August 22, 2018, the Apache Software Foundation publicly disclosed this vulnerability in a security bulletin at the following link: https://cwiki.apache.org/confluence/display/WW/S2-057 [\"https://cwiki.apache.org/confluence/display/WW/S2-057\"]",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
      "issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts"
      },
      {
        "category": "external",
        "summary": "Cisco Bug Search Tool",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID"
      },
      {
        "category": "external",
        "summary": "CSCvk78903",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78903"
      },
      {
        "category": "external",
        "summary": "CSCvm13989",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13989"
      },
      {
        "category": "external",
        "summary": "CSCvm14030",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14030"
      },
      {
        "category": "external",
        "summary": "CSCvm14044",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14044"
      },
      {
        "category": "external",
        "summary": "CSCvk78905",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78905"
      },
      {
        "category": "external",
        "summary": "CSCvm14052",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14052"
      },
      {
        "category": "external",
        "summary": "CSCvk78906",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78906"
      },
      {
        "category": "external",
        "summary": "CSCvm14042",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14042"
      },
      {
        "category": "external",
        "summary": "CSCvm14049",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14049"
      },
      {
        "category": "external",
        "summary": "CSCvm13986",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986"
      },
      {
        "category": "external",
        "summary": "CSCvk78902",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk78902"
      },
      {
        "category": "external",
        "summary": "CSCvm21744",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm21744"
      },
      {
        "category": "external",
        "summary": "CSCvm13984",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13984"
      },
      {
        "category": "external",
        "summary": "CSCvm13986",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13986"
      },
      {
        "category": "external",
        "summary": "CSCvm13980",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13980"
      },
      {
        "category": "external",
        "summary": "CSCvm13979",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm13979"
      },
      {
        "category": "external",
        "summary": "CSCvm14043",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14043"
      },
      {
        "category": "external",
        "summary": "CSCvm14056",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14056"
      },
      {
        "category": "external",
        "summary": "CSCvm14027",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14027"
      },
      {
        "category": "external",
        "summary": "CSCvm14040",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14040"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories and Alerts page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "https://cwiki.apache.org/confluence/display/WW/S2-057",
        "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
      }
    ],
    "title": "Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018",
    "tracking": {
      "current_release_date": "2018-09-17T18:52:00+00:00",
      "generator": {
        "date": "2022-09-03T03:40:59+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-20180823-apache-struts",
      "initial_release_date": "2018-08-23T20:00:00+00:00",
      "revision_history": [
        {
          "date": "2018-08-23T19:59:24+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2018-08-24T18:48:43+00:00",
          "number": "1.1.0",
          "summary": "Added Snort SIDs. Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-08-28T19:24:34+00:00",
          "number": "1.2.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-08-28T22:00:08+00:00",
          "number": "1.3.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-08-29T20:51:13+00:00",
          "number": "1.4.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable, updated the awareness of exploitation attempts."
        },
        {
          "date": "2018-08-30T18:31:56+00:00",
          "number": "1.5.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-08-31T15:43:54+00:00",
          "number": "1.6.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-09-04T16:05:47+00:00",
          "number": "1.7.0",
          "summary": "Updated the lists of products under investigation, vulnerable products, and products confirmed not vulnerable."
        },
        {
          "date": "2018-09-05T16:11:33+00:00",
          "number": "1.8.0",
          "summary": "Updated the lists of vulnerable products and products confirmed not vulnerable. Removed references to ongoing investigation."
        },
        {
          "date": "2018-09-06T18:05:26+00:00",
          "number": "1.9.0",
          "summary": "Updated the software availability information for vulnerable products."
        },
        {
          "date": "2018-09-10T16:27:12+00:00",
          "number": "1.10.0",
          "summary": "Updated the list of vulnerable products; in the previous version the asterisk was inadvertently omitted."
        },
        {
          "date": "2018-09-13T14:38:05+00:00",
          "number": "1.11.0",
          "summary": "Updated the software availability information for vulnerable products."
        },
        {
          "date": "2018-09-17T18:52:00+00:00",
          "number": "1.12.0",
          "summary": "Updated the software availability information for vulnerable products."
        }
      ],
      "status": "final",
      "version": "1.12.0"
    }
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-11776",
      "notes": [
        {
          "category": "general",
          "text": "No additional information for this vulneraiblity is currently avaialbe.",
          "title": "No Notes"
        }
      ],
      "release_date": "2018-08-22T16:23:00+00:00",
      "remediations": [
        {
          "category": "none_available",
          "details": "No remediation is available at this time."
        }
      ],
      "title": "Apache Struts Namespace Remote Code Execution Vulnerability"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.