← back
CVE-2018-11776

CVE-2018-11776

CVSS 8.1 HIGHEPSS 100.0%● KEV
In short

Apache Struts has a flaw that allows attackers to run harmful code on servers running vulnerable versions. This happens when certain namespace settings are misconfigured, letting attackers inject commands through web requests.

Technical detail

Remote Code Execution vulnerability in Apache Struts 2.3.0-2.3.34 and 2.5.0-2.5.16 when alwaysSelectFullNamespace is enabled and namespace handling results in incomplete or wildcard namespace resolution. Attack vector is network-based via crafted requests to results without explicit namespaces or url tags with missing action values; exploitation requires specific package/namespace configuration conditions.

Summary generated and translated by AI from the official description.
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Apache Software Foundation · Apache Struts
public PoCs found25
githubgithub.com/mazen160/struts-pwn_CVE-2018-11776303githubgithub.com/hook-s3c/CVE-2018-11776-Python-PoC123githubgithub.com/649/Apache-Struts-Shodan-Exploit56githubgithub.com/Ekultek/Strutter21githubgithub.com/brianwrf/S2-057-CVE-2018-1177616githubgithub.com/arlyone/Apache-Struts-0Day-Exploit16githubgithub.com/xfox64x/CVE-2018-1177615githubgithub.com/bhdresh/CVE-2018-1177612githubgithub.com/jiguangsdf/CVE-2018-1177610githubgithub.com/knqyf263/CVE-2018-117764githubgithub.com/tuxotron/cve-2018-11776-docker3githubgithub.com/cved-sources/cve-2018-117761githubgithub.com/m4sk0ff/CVE-2018-117760githubgithub.com/sonpt-afk/CVE-2018-11776-FIS0githubgithub.com/freshdemo/ApacheStruts-CVE-2018-117760githubgithub.com/cucadili/CVE-2018-117760githubgithub.com/jezzus/CVE-2018-11776-Python-PoC0githubgithub.com/OzNetNerd/apche-struts-vuln-demo-cve-2018-117760exploitdbwww.exploit-db.com/exploits/45262unverifiedexploitdbwww.exploit-db.com/exploits/45260unverifiedcve_referencewww.exploit-db.com/exploits/45260/unverifiedcve_referencewww.exploit-db.com/exploits/45262/unverifiedcve_referencewww.exploit-db.com/exploits/45367/unverifiedexploitdbwww.exploit-db.com/exploits/45367unverifiedcve_referencepacketstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.htmlhttps://cwiki.apache.org/confluence/display/WW/S2-057https://github.com/hook-s3c/CVE-2018-11776-Python-PoChttps://lgtm.com/blog/apache_struts_CVE-2018-11776https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3Ehttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012https://security.netapp.com/advisory/ntap-20180822-0001/https://security.netapp.com/advisory/ntap-20181018-0002/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776https://www.exploit-db.com/exploits/45260/https://www.exploit-db.com/exploits/45262/https://www.exploit-db.com/exploits/45367/