
Apache Struts 2.x Remote Code Execution Vulnerability

Author: Man Yue Mo
Risk: Security Risk Critical
0day-ID: 0day-ID-30956
Category: remote exploits
Date add: 24-08-2018
CVE: CVE-2018-11776
Platform: multiple

[CVEID]:CVE-2018-11776
[PRODUCT]:Apache Struts
[VERSION]:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16
[PROBLEMTYPE]:Remote Code Execution
[REFERENCES]:https://cwiki.apache.org/confluence/display/WW/S2-057
[DESCRIPTION]:Man Yue Mo from the Semmle Security Research team
noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16
suffer from possible Remote Code Execution when using results with no
namespace while, at the same time, their upper action(s) have no or a
wildcard namespace. The same possibility exists when using a url tag
which doesn't have value and action set while, at the same time, its
upper action(s) have no or a wildcard namespace.
