Vulnerability Name:

CVE-2018-11776 (CCN-148694)

Assigned:2018-08-22
Published:2018-08-22
Updated:2023-06-12
Summary:Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when using results with no namespace and its upper action configurations have no wildcard namespace. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS v3 Severity:8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2018-11776

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: CCN
Type: IBM Security Bulletin 731343 (Connections)
IBM Connections Security Refresh for Apache Struts Remote Code Execution (RCE) Vulnerability (CVE-2018-11776)

Source: CCN
Type: IBM Security Bulletin 741137 (SAN Volume Controller)
Vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11776)

Source: CCN
Type: Oracle CVE-2018-11776
Oracle Security Alert for CVE-2018-11776

Source: security@apache.org
Type: Patch, Third Party Advisory
security@apache.org

Source: CCN
Type: Oracle CPUJan2019
Oracle Critical Patch Update Advisory - January 2019

Source: CCN
Type: Oracle CPUOct2018
Oracle Critical Patch Update Advisory - October 2018

Source: security@apache.org
Type: Patch, Third Party Advisory
security@apache.org

Source: CCN
Type: BID-105125
Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability

Source: security@apache.org
Type: Third Party Advisory, VDB Entry
security@apache.org

Source: security@apache.org
Type: Third Party Advisory, VDB Entry
security@apache.org

Source: security@apache.org
Type: Third Party Advisory, VDB Entry
security@apache.org

Source: CCN
Type: Apache Struts 2 Documentation S2-057
Possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn’t have value and action set.

Source: security@apache.org
Type: Issue Tracking, Third Party Advisory
security@apache.org

Source: XF
Type: UNKNOWN
apache-struts-cve201811776-code-exec(148694)

Source: security@apache.org
Type: Exploit, Third Party Advisory
security@apache.org

Source: CCN
Type: GitHub Web site
St2-057

Source: security@apache.org
Type: Exploit, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: CCN
Type: Packet Storm Security [08-26-2018]
Apache Struts 2.3 / 2.5 Remote Code Execution

Source: CCN
Type: Packet Storm Security [08-25-2018]
Apache Struts 2.3 / 2.5 Remote Code Execution

Source: CCN
Type: Packet Storm Security [09-07-2018]
Apache Struts 2 Namespace Redirect OGNL Injection

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: CCN
Type: Semmle Web site
Semmle Discovers Critical Remote Code Execution Vulnerability in Apache Struts (CVE-2018-11776)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20180823-apache-struts
Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

Source: CCN
Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
KNOWN EXPLOITED VULNERABILITIES CATALOG

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [08-26-2018]

Source: security@apache.org
Type: Exploit, Third Party Advisory, VDB Entry
security@apache.org

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [08-25-2018]

Source: security@apache.org
Type: Exploit, Third Party Advisory, VDB Entry
security@apache.org

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [09-10-2018]

Source: security@apache.org
Type: Exploit, Third Party Advisory, VDB Entry
security@apache.org

Source: CCN
Type: IBM Security Bulletin 730391 (Content Collector)
Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty

Source: CCN
Type: IBM Security Bulletin 732783 (Security Guardium)
IBM Security Guardium is affected by a Publicly disclosed Apache Struts vulnerability

Source: CCN
Type: IBM Security Bulletin 735023 (FlashSystem V840)
A vulnerability in Apache Struts affects the IBM FlashSystem V840

Source: CCN
Type: IBM Security Bulletin 735035 (FlashSystem V840)
A vulnerability in Apache Struts affects the IBM FlashSystem 840 and 900

Source: CCN
Type: Oracle CPUJul2020
Oracle Critical Patch Update Advisory - July 2020

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: security@apache.org
Type: Patch, Third Party Advisory
security@apache.org

Source: CCN
Type: Rapid7 Web site
Apache Struts 2 Namespace Redirect OGNL Injection

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-11776

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:apache:struts:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.30:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.14.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.5.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.28.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.29:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.31:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.33:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:2.3.34:*:*:*:*:*:*:*
  • AND
  • cpe:/a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:finesse:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_collector:4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:socialminer:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:mediasense:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:san_volume_controller:-:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql_enterprise_monitor:3.4.9.4237:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql_enterprise_monitor:4.0.6.5281:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql_enterprise_monitor:8.0.2.8191:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.trusty:def:201811776000
    V
    		CVE-2018-11776 on Ubuntu 14.04 LTS (trusty) - medium.
    2018-08-22
    BACK
    apache struts 2.3.1
    apache struts 2.3.14.3
    apache struts 2.3.14
    apache struts 2.3.15
    apache struts 2.3.15.3
    apache struts 2.3.8
    apache struts 2.3.7
    apache struts 2.3.4.1
    apache struts 2.3.4
    apache struts 2.3.3
    apache struts 2.3.1.2
    apache struts 2.3.1.1
    apache struts 2.3.12
    apache struts 2.3.14.2
    apache struts 2.3.14.1
    apache struts 2.3.15.1
    apache struts 2.3.16
    apache struts 2.3.15.2
    apache struts 2.3.16.1
    apache struts 2.3.16.2
    apache struts 2.3.16.3
    apache struts 2.3.20
    apache struts 2.3.24
    apache struts 2.3.24.1
    apache struts 2.3.28
    apache struts 2.3.30
    apache struts 2.5
    apache struts 2.5.10
    apache struts 2.5.12
    apache struts 2.5.5
    apache struts 2.5.1
    apache struts 2.5.2
    apache struts 2.5.8
    apache struts 2.5.10.1
    apache struts 2.5.13
    apache struts 2.5.14
    apache struts 2.5.14.1
    apache struts 2.5.16
    apache struts 2.3.20.1
    apache struts 2.3.20.3
    apache struts 2.3.24.3
    apache struts 2.3.28.1
    apache struts 2.3.29
    apache struts 2.3.31
    apache struts 2.3.32
    apache struts 2.3.33
    apache struts 2.3.34
    cisco unified contact center enterprise -
    cisco finesse -
    ibm connections 5.0
    ibm content collector 4
    cisco socialminer -
    cisco mediasense -
    cisco unified contact center express -
    ibm connections 5.5
    cisco unity connection -
    ibm connections 6.0
    ibm security guardium 10.1.4
    ibm security guardium 10.5
    ibm san volume controller -
    oracle mysql enterprise monitor 3.4.9.4237
    oracle mysql enterprise monitor 4.0.6.5281
    oracle mysql enterprise monitor 8.0.2.8191