CVE-2018-11776: Remote Code Execution
(updated )
Apache Struts suffers from RCE when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin).
References
- www.securityfocus.com/bid/105125
- www.securitytracker.com/id/1041547
- www.securitytracker.com/id/1041888
- access.redhat.com/security/cve/CVE-2018-11776
- cwiki.apache.org/confluence/display/WW/S2-057
- nvd.nist.gov/vuln/detail/CVE-2018-11776
- struts.apache.org/docs/s2-057.html
- www.exploit-db.com/exploits/45260/
- www.exploit-db.com/exploits/45262/
- www.exploit-db.com/exploits/45367/
Code Behaviors & Features
Detect and mitigate CVE-2018-11776 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →