CVE-2018-11776 — HIGH (8.1)

Q: How severe is CVE-2018-11776?

CVE-2018-11776 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-11776?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Struts, Netapp Active Iq Unified Manager, Netapp Oncommand Insight, Netapp Oncommand Workflow Automation, Netapp Snapcenter.

Vulnerability Description

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Struts	>= 2.0.4, < 2.3.35
Netapp	Active Iq Unified Manager	>= 7.3
Netapp	Oncommand Insight	-
Netapp	Oncommand Workflow Automation	-
Netapp	Snapcenter	-
Oracle	Communications Policy Management	< 12.5.0
Oracle	Enterprise Manager Base Platform	13.3.0.0
Oracle	Mysql Enterprise Monitor	<= 3.4.9.4237

References

http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.Third Party AdvisoryVDB Entry
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txtBroken LinkMailing ListThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787PatchThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatchThird Party Advisory
http://www.securityfocus.com/bid/105125Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041547Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041888Broken LinkThird Party AdvisoryVDB Entry
https://cwiki.apache.org/confluence/display/WW/S2-057Issue TrackingThird Party Advisory
https://github.com/hook-s3c/CVE-2018-11776-Python-PoCExploitThird Party Advisory
https://lgtm.com/blog/apache_struts_CVE-2018-11776ExploitThird Party Advisory
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0Mailing List
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012Third Party Advisory
https://security.netapp.com/advisory/ntap-20180822-0001/Third Party Advisory
https://security.netapp.com/advisory/ntap-20181018-0002/Third Party Advisory
https://www.exploit-db.com/exploits/45260/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-11776?

CVE-2018-11776 is a vulnerability with a CVSS score of 8.1 (HIGH). Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: r...

How severe is CVE-2018-11776?

CVE-2018-11776 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-11776?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Struts, Netapp Active Iq Unified Manager, Netapp Oncommand Insight, Netapp Oncommand Workflow Automation, Netapp Snapcenter.