CVE-2018-11776: Apache Struts Remote Code Execution Vulnerability
First published: Wed Aug 22 2018(Updated: )
Apache Struts contains a Remote Code Execution when using results with no namespace and it's upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and it's upper actions have no or wildcard namespace.
Credit: security@apache.org security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Struts | >=2.3.1<=2.3.34 | |
| Apache Struts | >=2.5.0<=2.5.16 | |
| Apache Struts | >=2.0.4<2.3.35 | |
| Apache Struts | >=2.5.0<2.5.17 | |
| Netapp Active Iq Unified Manager Windows | >=7.3 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| Netapp Snapcenter | ||
| Oracle Communications Policy Management | <12.5.0 | |
| Oracle Enterprise Manager Base Platform | =13.3.0.0 | |
| Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
| Oracle Mysql Enterprise Monitor | <=3.4.9.4237 | |
| Oracle Mysql Enterprise Monitor | >=4.0.0<=4.0.6.5281 | |
| Oracle Mysql Enterprise Monitor | >=8.0.0<=8.0.2.8191 | |
| maven/org.apache.struts:struts2-core | >=2.5<=2.5.16 | 2.5.17 |
| maven/org.apache.struts:struts2-core | >=2.0.4<=2.3.34 | 2.3.35 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/105125
- http://www.securitytracker.com/id/1041547
- http://www.securitytracker.com/id/1041888
- https://cwiki.apache.org/confluence/display/WW/S2-057
- https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
- https://lgtm.com/blog/apache_struts_CVE-2018-11776
- https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
- https://security.netapp.com/advisory/ntap-20180822-0001/
- https://security.netapp.com/advisory/ntap-20181018-0002/
- https://www.exploit-db.com/exploits/45260/
- https://www.exploit-db.com/exploits/45262/
- https://www.exploit-db.com/exploits/45367/
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2018-11776
- https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e
- https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125
- https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888
- https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547
- https://github.com/advisories/GHSA-cr6j-3jp9-rw65 (Advisory)
- https://www.exploit-db.com/exploits/45367
- https://www.exploit-db.com/exploits/45262
- https://www.exploit-db.com/exploits/45260
- https://security.netapp.com/advisory/ntap-20181018-0002
- https://security.netapp.com/advisory/ntap-20180822-0001
Frequently Asked Questions
What is CVE-2018-11776?
CVE-2018-11776 is a vulnerability in Apache Struts that allows for remote code execution.
What versions of Apache Struts are affected by CVE-2018-11776?
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 are affected by CVE-2018-11776.
What is the severity of CVE-2018-11776?
CVE-2018-11776 has a severity rating of 8.1 (Critical).
How can I fix CVE-2018-11776?
To fix CVE-2018-11776, upgrade to Apache Struts version 2.5.17 or 2.3.35, which contain the necessary security patches.
Where can I find more information about CVE-2018-11776?
You can find more information about CVE-2018-11776 on the NIST NVD website, the Apache Struts Confluence page, and the GitHub advisory page.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/weakness
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/description
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-cr6j-3jp9-rw65
- alias/CVE-2018-11776
- agent/references
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache struts
- version/apache struts/2.3.1
- version/apache struts/2.3.34
- version/apache struts/2.5.0
- version/apache struts/2.5.16
- version/apache struts/2.0.4
- vendor/netapp
- canonical/netapp active iq unified manager windows
- version/netapp active iq unified manager windows/7.3
- canonical/netapp active iq unified manager vmware vsphere
- version/netapp active iq unified manager vmware vsphere/9.5
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp snapcenter
- vendor/oracle
- canonical/oracle communications policy management
- canonical/oracle enterprise manager base platform
- version/oracle enterprise manager base platform/13.3.0.0
- version/oracle enterprise manager base platform/13.4.0.0
- canonical/oracle mysql enterprise monitor
- version/oracle mysql enterprise monitor/3.4.9.4237
- version/oracle mysql enterprise monitor/4.0.0
- version/oracle mysql enterprise monitor/4.0.6.5281
- version/oracle mysql enterprise monitor/8.0.0
- version/oracle mysql enterprise monitor/8.0.2.8191
- package-manager/maven