{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2018-11776", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "dateUpdated": "2024-09-16T19:36:52.447Z", "dateReserved": "2018-06-05T00:00:00", "datePublished": "2018-08-22T13:00:00Z"}, "containers": {"cna": {"datePublic": "2018-08-22T00:00:00", "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-06-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace."}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Struts", "versions": [{"version": "2.3 to 2.3.34", "status": "affected"}, {"version": "2.5 to 2.5.16", "status": "affected"}]}], "references": [{"name": "1041888", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1041888"}, {"name": "45367", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/45367/"}, {"name": "45262", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/45262/"}, {"name": "105125", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/105125"}, {"name": "1041547", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1041547"}, {"name": "45260", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/45260/"}, {"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"}, {"url": "https://cwiki.apache.org/confluence/display/WW/S2-057"}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"}, {"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"}, {"url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"}, {"url": "https://security.netapp.com/advisory/ntap-20180822-0001/"}, {"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"}, {"url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"}, {"url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Remote Code Execution"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:17:09.231Z"}, "title": "CVE Program Container", "references": [{"name": "1041888", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1041888"}, {"name": "45367", "tags": ["exploit", "x_transferred"], "url": "https://www.exploit-db.com/exploits/45367/"}, {"name": "45262", "tags": ["exploit", "x_transferred"], "url": "https://www.exploit-db.com/exploits/45262/"}, {"name": "105125", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/105125"}, {"name": "1041547", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1041547"}, {"name": "45260", "tags": ["exploit", "x_transferred"], "url": "https://www.exploit-db.com/exploits/45260/"}, {"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20181018-0002/", "tags": ["x_transferred"]}, {"url": "https://cwiki.apache.org/confluence/display/WW/S2-057", "tags": ["x_transferred"]}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html", "tags": ["x_transferred"]}, {"url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20180822-0001/", "tags": ["x_transferred"]}, {"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt", "tags": ["x_transferred"]}, {"url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html", "tags": ["x_transferred"]}]}]}}

{}

{"cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apache Struts Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "matchCriteriaId": "688F84A7-B698-4343-9F7B-FD68B2218035", "versionEndExcluding": "2.3.35", "versionStartIncluding": "2.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D66D46C-389B-4C37-9EEE-6301774719FA", "versionEndExcluding": "2.5.17", "versionStartIncluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_policy_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E8AF73E-8AC6-4F65-A6F0-DBB2CC7A613F", "versionEndExcluding": "12.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A94B32D-6B5F-4E42-8345-4F9126A89435", "versionEndIncluding": "3.4.9.4237", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF71D94F-EFC5-4390-A380-AC0E5DB05516", "versionEndIncluding": "4.0.6.5281", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "33EFAF19-A639-47AD-9CDC-D174C91F0F00", "versionEndIncluding": "8.0.2.8191", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace."}, {"lang": "es", "value": "Apache Struts, desde la versi\u00f3n 2.3 hasta la 2.3.34 y desde la versi\u00f3n 2.5 hasta la 2.5.16, sufre de una posible ejecuci\u00f3n remota de c\u00f3digo cuando el valor de alwaysSelectFullNamespace es \"true\" (establecido por el usuario o por un plugin como Convention Plugin). Adem\u00e1s, los resultados se emplean sin ning\u00fan espacio de nombres y, al mismo tiempo, el paquete superior no tiene espacio de nombres o contiene caracteres comod\u00edn. De manera similar a como pasa con los resultados, existe la misma posibilidad al emplear la etiqueta url, que no tiene un valor y acci\u00f3n definidos y, adem\u00e1s, su paquete superior no tiene espacio de nombres o contiene caracteres comod\u00edn."}], "id": "CVE-2018-11776", "lastModified": "2024-07-25T14:48:56.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-22T13:29:00.753", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"source": "security@apache.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105125"}, {"source": "security@apache.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041547"}, {"source": "security@apache.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041888"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://cwiki.apache.org/confluence/display/WW/S2-057"}, {"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"}, {"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180822-0001/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"}, {"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45260/"}, {"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45262/"}, {"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45367/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "struts2: Using specific results and namespaces can result in a remote code execution", "id": "1620019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620019"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace."], "name": "CVE-2018-11776", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "struts2-core", "product_name": "Red Hat JBoss Fuse Service Works 6"}], "public_date": "2018-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-11776\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11776\nhttps://cwiki.apache.org/confluence/display/WW/S2-057\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped, used, or enabled in any Red Hat provided final products, and does not cause any vulnerability in the product, struts2-core jars have been included in some products' source code packages. The inclusion was part of an import of the Google Guice repository, which includes struts2-core. Customers that build artefacts from our source code could be at risk. Red Hat will remove these artefacts from source code in future releases.\nThe products that included the Struts 2 artefacts in their source jars:\nFuse Service Works 6.0.0\nSingle Sign On 7.3.0+\nIf you have used the source package from one of these products to build artefacts on your system, you should do the following to remove potentially affected jars:\n1. Run 'find . -name struts2*.jar' under the source location\n2. Remove any files found\nThis will not affect the product, as the jar is included with the source of google-guice, but no functionality requiring struts2 is implemented.", "threat_severity": "Critical", "upstream_fix": "struts2 2.3.35, struts2 2.5.17"}