CVE-2018-11776

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

References

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt

http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/105125

http://www.securitytracker.com/id/1041547

http://www.securitytracker.com/id/1041888

https://cwiki.apache.org/confluence/display/WW/S2-057

https://github.com/hook-s3c/CVE-2018-11776-Python-PoC

https://lgtm.com/blog/apache_struts_CVE-2018-11776

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012

https://security.netapp.com/advisory/ntap-20180822-0001/

https://security.netapp.com/advisory/ntap-20181018-0002/

https://www.exploit-db.com/exploits/45260/

https://www.exploit-db.com/exploits/45262/

https://www.exploit-db.com/exploits/45367/

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Details

Source: MITRE

Published: 2018-08-22

Updated: 2020-07-15

Type: CWE-20

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* versions from 2.3.1 to 2.3.34 (inclusive)

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* versions from 2.5.0 to 2.5.16 (inclusive)

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
112727Apache Struts 2.0.4 < 2.3.35 / 2.5.x < 2.5.17 Remote Code Execution (S2-057)Web Application ScanningComponent Vulnerability
high
138901MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)NessusCGI abuses
high
138555Oracle Enterprise Manager Cloud Control (Jul 2020 CPU)NessusMisc.
high
112289Cisco Unified Communication Manager Apache Struts RCE (CSCvm14042)NessusCISCO
high
112288Cisco Unified Communications Manager IM & Presence Service Apache Struts RCE (CSCvm14049)NessusCISCO
high
112219Cisco Identity Services Engine Struts2 Namespace VulnerabilityNessusCISCO
high
112064Apache Struts CVE-2018-11776 Results With No Namespace Remote Code Execution (S2-057) (remote)NessusCGI abuses
high
112036Apache Struts CVE-2018-11776 Results With No Namespace Possible Remote Code Execution (S2-057)NessusMisc.
high