...
Excerpt |
---|
Possible Remote Code Execution when |
...
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | Possible Remote Code Execution when |
Maximum security rating | Critical |
Recommendation | |
Affected Software | Struts 2.0.3 4 - Struts 2.3.34, Struts 2.5.0 - Struts 2.5.16 |
Reporter | Man Yue Mo from the Semmle Security Research team |
CVE Identifier | CVE-2018-11776 |
...
It is possible to perform a RCE attack when alwaysSelectFullNamespace
is true
(either by user or a plugin like Convention Plugin) and then, : namespace
value isn't set for a result defined in underlying configurations and in same time, its upper package
configuration have no or wildcard namespace
. Same and same possibility when using url
tag which doesn’t have value
and action
set and in same time, its upper package
configuration have no or wildcard namespace
.
...
Verify that you have set (and always not forgot to set) namespace
for your all defined package
s. Or , verify that you have set (and always not forgot to set) namespace
for your all defined results (if it is applicable) and verify that you have set (and always not forgot to set) value
or action
for all url
tags in your JSPs, when their upper package
have no or wildcard namespace
.
...