Monday, 24 September 2018

CVE-2018-11776: Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit module)

EDB-ID: 45367
CVE: CVE-2018-11776
E-DB Verified: Yes
Author: Metasploit
Type: Remote
Advisory/Source: GitHub
Published: 2018-09-10
Platform: Multiple (Windows, Linux)

Description aboout CVE-2018-11776:
   Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

And have something to say about GitHackTools or CVE-2018-11776? Comment below or share this post from GitHackTools FacebookGitHackTools Twitter and GitHackTools Google Plus.



By at
Labels:forex, iqoption, pubg Hacked , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)