Versions Compared

Old Version 7

changes.mady.by.user Yasser Zamani

Saved on

compared with

New Version 8

changes.mady.by.user Yasser Zamani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: make it more clear

...

Excerpt

Possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then, : results are used with no namespace and in same time, its upper package have no or wildcard namespace. Similar and similar to results, same possibility when using url tag which doesn’t have value and action set and in same time, its upper package have no or wildcard namespace.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then, : results are used with no namespace and in same time, its upper package have no or wildcard namespace. Similar and similar to results, same possibility when using url tag which doesn’t have value and action set and in same time, its upper package have no or wildcard namespace.

Maximum security rating

Critical

Recommendation

Upgrade to Struts 2.3.35 or Struts 2.5.17

Affected Software

Struts 2.3 - Struts 2.3.34, Struts 2.5 - Struts 2.5.16

Reporter

Man Yue Mo from the Semmle Security Research team

CVE Identifier

CVE-2018-11776

...

It is possible to perform a RCE attack when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then, : namespace value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Same and same possibility when using url tag which doesn’t have value and action set and in same time, its upper package configuration have no or wildcard namespace.

...