cve-2018-11776
Vulnerability from cvelistv5
Published
2018-08-22 13:00
Modified
2024-09-16 19:36
Severity ?
Summary
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
References
security@apache.orghttp://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txtMailing List, Third Party Advisory
security@apache.orghttp://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.htmlPatch, Third Party Advisory
security@apache.orghttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security@apache.orghttp://www.securityfocus.com/bid/105125Broken Link, Third Party Advisory, VDB Entry
security@apache.orghttp://www.securitytracker.com/id/1041547Broken Link, Third Party Advisory, VDB Entry
security@apache.orghttp://www.securitytracker.com/id/1041888Broken Link, Third Party Advisory, VDB Entry
security@apache.orghttps://cwiki.apache.org/confluence/display/WW/S2-057Issue Tracking, Third Party Advisory
security@apache.orghttps://github.com/hook-s3c/CVE-2018-11776-Python-PoCExploit, Third Party Advisory
security@apache.orghttps://lgtm.com/blog/apache_struts_CVE-2018-11776Exploit, Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3EMailing List
security@apache.orghttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20180822-0001/Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20181018-0002/Third Party Advisory
security@apache.orghttps://www.exploit-db.com/exploits/45260/Exploit, Third Party Advisory, VDB Entry
security@apache.orghttps://www.exploit-db.com/exploits/45262/Exploit, Third Party Advisory, VDB Entry
security@apache.orghttps://www.exploit-db.com/exploits/45367/Exploit, Third Party Advisory, VDB Entry
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
Impacted products
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2022-05-03

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-11776

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:17:09.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041888",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041888"
          },
          {
            "name": "45367",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45367/"
          },
          {
            "name": "45262",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45262/"
          },
          {
            "name": "105125",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105125"
          },
          {
            "name": "1041547",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041547"
          },
          {
            "name": "45260",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45260/"
          },
          {
            "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Struts",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.3 to 2.3.34"
            },
            {
              "status": "affected",
              "version": "2.5 to 2.5.16"
            }
          ]
        }
      ],
      "datePublic": "2018-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T00:00:00",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "1041888",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1041888"
        },
        {
          "name": "45367",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/45367/"
        },
        {
          "name": "45262",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/45262/"
        },
        {
          "name": "105125",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/105125"
        },
        {
          "name": "1041547",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1041547"
        },
        {
          "name": "45260",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/45260/"
        },
        {
          "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
        },
        {
          "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
        },
        {
          "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
        },
        {
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
        },
        {
          "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
        },
        {
          "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-11776",
    "datePublished": "2018-08-22T13:00:00Z",
    "dateReserved": "2018-06-05T00:00:00",
    "dateUpdated": "2024-09-16T19:36:52.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2018-11776",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776",
      "product": "Struts",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn\u0027t set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace.  Or, using URL tag which doesn\u0027t have value and action set and in same time, its upper package configuration have no or wildcard namespace.",
      "vendorProject": "Apache",
      "vulnerabilityName": "Apache Struts Remote Code Execution Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-11776\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-08-22T13:29:00.753\",\"lastModified\":\"2024-07-25T14:48:56.837\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apache Struts Remote Code Execution Vulnerability\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace.\"},{\"lang\":\"es\",\"value\":\"Apache Struts, desde la versi\u00f3n 2.3 hasta la 2.3.34 y desde la versi\u00f3n 2.5 hasta la 2.5.16, sufre de una posible ejecuci\u00f3n remota de c\u00f3digo cuando el valor de alwaysSelectFullNamespace es \\\"true\\\" (establecido por el usuario o por un plugin como Convention Plugin). Adem\u00e1s, los resultados se emplean sin ning\u00fan espacio de nombres y, al mismo tiempo, el paquete superior no tiene espacio de nombres o contiene caracteres comod\u00edn. De manera similar a como pasa con los resultados, existe la misma posibilidad al emplear la etiqueta url, que no tiene un valor y acci\u00f3n definidos y, adem\u00e1s, su paquete superior no tiene espacio de nombres o contiene caracteres comod\u00edn.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.3},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.4\",\"versionEndExcluding\":\"2.3.35\",\"matchCriteriaId\":\"688F84A7-B698-4343-9F7B-FD68B2218035\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndExcluding\":\"2.5.17\",\"matchCriteriaId\":\"0D66D46C-389B-4C37-9EEE-6301774719FA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"7.3\",\"matchCriteriaId\":\"BD075607-09B7-493E-8611-66D041FFDA62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*\",\"versionStartIncluding\":\"9.5\",\"matchCriteriaId\":\"0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_policy_management:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.5.0\",\"matchCriteriaId\":\"0E8AF73E-8AC6-4F65-A6F0-DBB2CC7A613F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7582B307-3899-4BBB-B868-BC912A4D0109\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.4.9.4237\",\"matchCriteriaId\":\"8A94B32D-6B5F-4E42-8345-4F9126A89435\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.0.6.5281\",\"matchCriteriaId\":\"EF71D94F-EFC5-4390-A380-AC0E5DB05516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.2.8191\",\"matchCriteriaId\":\"33EFAF19-A639-47AD-9CDC-D174C91F0F00\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105125\",\"source\":\"security@apache.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041547\",\"source\":\"security@apache.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041888\",\"source\":\"security@apache.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cwiki.apache.org/confluence/display/WW/S2-057\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lgtm.com/blog/apache_struts_CVE-2018-11776\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180822-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181018-0002/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45260/\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/45262/\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/45367/\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.