CVE-2018-11776

CVE Database · CVE-2018-11776

CVE-2018-11776

· HIGHAnalyzed

CVSS v3.1

8.1

EPSS

99.99%

Published

Aug 22, 2018

Modified

Oct 27, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (13)

All weaponized →

Exploit-DBApache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)Exploit-DBApache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)Exploit-DBApache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCmazen160/struts-pwn_CVE-2018-11776★303 GitHub PoChook-s3c/CVE-2018-11776-Python-PoC★123 GitHub PoC649/Apache-Struts-Shodan-Exploit★56 GitHub PoCEkultek/Strutter★21 GitHub PoCbrianwrf/S2-057-CVE-2018-11776★16 GitHub PoCarlyone/Apache-Struts-0Day-Exploit★16 GitHub PoCxfox64x/CVE-2018-11776★15 GitHub PoCbhdresh/CVE-2018-11776★12

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products (13)

apache · struts (up to 2.3.35)vulnerable

apache · struts (up to 2.5.17)vulnerable

netapp · active_iq_unified_managervulnerable

netapp · oncommand_insightvulnerable

netapp · oncommand_workflow_automationvulnerable

netapp · snapcentervulnerable

oracle · communications_policy_management (up to 12.5.0)vulnerable

oracle · enterprise_manager_base_platformvulnerable

References (20)