
CVE-2018-11776

Known Exploited (CISA KEV)
CVSS Severity Score: 8.1 (HIGH)
EPSS Score: 76.1450%
EPSS Percentile: 93.78th
Published: Aug 22, 2018
Last Modified: Oct 27, 2025

Vulnerability Description

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and either of the following holds: results are used with no namespace while their upper package has no namespace or a wildcard namespace; or a url tag is used without value and action set while its upper package has no namespace or a wildcard namespace.

Affected Platforms (CPE)

Apache Struts: >= 2.0.4 and < 2.3.35
Apache Struts: >= 2.5.0 and < 2.5.17
Netapp Active Iq Unified Manager: >= 7.3
Netapp Active Iq Unified Manager: >= 9.5
Netapp Oncommand Insight: All versions
Netapp Oncommand Workflow Automation: All versions
Netapp Snapcenter: All versions
Oracle Communications Policy Management: < 12.5.0
Oracle Enterprise Manager Base Platform: = 13.3.0.0
Oracle Enterprise Manager Base Platform: = 13.4.0.0
Oracle Mysql Enterprise Monitor: <= 3.4.9.4237
Oracle Mysql Enterprise Monitor: >= 4.0.0 and <= 4.0.6.5281
Oracle Mysql Enterprise Monitor: >= 8.0.0 and <= 8.0.2.8191
