# N/A
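## Vulnerability Overview
Certain versions of Apache Struts contain a remote code execution vulnerability when `alwaysSelectFullNamespace` is set to true and specific package namespace conditions are also met.
## Affected Versions
- 2.3 to 2.3.34
- 2.5 to 2.5.16
## Details
The vulnerability exists when `alwaysSelectFullNamespace` is true (set by the user or by a plugin such as the Convention plugin) and either of the following conditions is met:
- A result is used without a namespace, and its upper package has no namespace or uses a wildcard namespace.
- A URL tag is used without `value` and `action` set, and its upper package has no namespace or uses a wildcard namespace.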
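The first condition can be checked statically in an application's `struts.xml`. The following audit script is an added example, not code from this page or from the Struts project; it reports whether the flag is enabled and which results sit in a package with no namespace or a wildcard namespace without pinning their own. Assumptions: the flag is set through the `struts.mapper.alwaysSelectFullNamespace` constant, the namespace-sensitive result types are `redirectAction`, `chain` and `postback`, and the sample configuration is constructed for illustration.

```python
import xml.etree.ElementTree as ET

FLAG = "struts.mapper.alwaysSelectFullNamespace"
# Assumption of this example (not stated on the page): the result types that
# resolve their target through the action namespace.
NAMESPACE_RESULTS = {"redirectAction", "chain", "postback"}

def has_namespace_param(result):
    """True when the result pins its own namespace with a non-empty <param>."""
    return any(p.get("name") == "namespace" and (p.text or "").strip()
               for p in result.findall("param"))

def audit(struts_xml):
    """Return (flag_enabled, findings) for one struts.xml document."""
    root = ET.fromstring(struts_xml)
    flag = any(c.get("name") == FLAG and (c.get("value") or "").lower() == "true"
               for c in root.findall("constant"))
    findings = []
    for pkg in root.findall("package"):
        ns = pkg.get("namespace")
        if ns and "*" not in ns:  # explicit, non-wildcard namespace: not affected
            continue
        for action in pkg.findall("action"):
            for res in action.findall("result"):
                if res.get("type") in NAMESPACE_RESULTS and not has_namespace_param(res):
                    findings.append((pkg.get("name"), action.get("name"), res.get("type")))
    return flag, findings

# Constructed sample: "open" has no namespace, "pinned" declares one.
SAMPLE = """<struts>
  <constant name="struts.mapper.alwaysSelectFullNamespace" value="true"/>
  <package name="open" extends="struts-default">
    <action name="go" class="demo.GoAction">
      <result type="redirectAction"><param name="actionName">home</param></result>
      <result name="alt" type="redirectAction">
        <param name="actionName">home</param><param name="namespace">/app</param>
      </result>
    </action>
  </package>
  <package name="pinned" namespace="/admin" extends="struts-default">
    <action name="go" class="demo.GoAction"><result type="redirectAction">home</result></action>
  </package>
</struts>"""

if __name__ == "__main__":
    enabled, hits = audit(SAMPLE)
    print("alwaysSelectFullNamespace enabled:", enabled)
    for pkg, action, rtype in hits:
        print(f"package={pkg} action={action} result type={rtype}: no namespace set")
```

A finding matters only when the flag is also enabled. The script does not cover the URL tag condition, which lives in the view templates, or a flag enabled outside `struts.xml`, for example by the Convention plugin.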
## Impact
This vulnerability can lead to remote code execution: an attacker may exploit it to execute arbitrary code on the target system.
| # | PoC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | Creating a vulnerable environment and the PoC | https://github.com/xfox64x/CVE-2018-11776 | PoC details |
| 2 | CVE-2018-11776(S2-057) EXPLOIT CODE | https://github.com/jiguangsdf/CVE-2018-11776 | PoC details |
| 3 | Working Python test and PoC for CVE-2018-11776, includes Docker lab | https://github.com/hook-s3c/CVE-2018-11776-Python-PoC | PoC details |
| 4 | An exploit for Apache Struts CVE-2018-11776 | https://github.com/mazen160/struts-pwn_CVE-2018-11776 | PoC details |
| 5 | Vulnerable docker container for CVE-2018-11776 | https://github.com/bhdresh/CVE-2018-11776 | PoC details |
| 6 | Environment for CVE-2018-11776 / S2-057 (Apache Struts 2) | https://github.com/knqyf263/CVE-2018-11776 | PoC details |
| 7 | Proof of Concept for CVE-2018-11776 | https://github.com/Ekultek/Strutter | PoC details |
| 8 | None | https://github.com/tuxotron/cve-2018-11776-docker | PoC details |
| 9 | A simple exploit for Apache Struts RCE S2-057 (CVE-2018-11776) | https://github.com/brianwrf/S2-057-CVE-2018-11776 | PoC details |
| 10 | This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers. | https://github.com/649/Apache-Struts-Shodan-Exploit | PoC details |
| 11 | None | https://github.com/jezzus/CVE-2018-11776-Python-PoC | PoC details |
| 12 | cve-2018-11776 | https://github.com/cved-sources/cve-2018-11776 | PoC details |
| 13 | Spins up an isolated test environment for experimentation with Apache Struts vulnerability CVE-2018-11776. | https://github.com/OzNetNerd/apche-struts-vuln-demo-cve-2018-11776 | PoC details |
| 14 | Investigation of CVE-2018-11776 vulnerability that allows attackers to remotely execute code and gain control over Apache Struts-based applications. | https://github.com/cucadili/CVE-2018-11776 | PoC details |
| 15 | Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts. | https://github.com/ArunBhandarii/Apache-Struts-0Day-Exploit | PoC details |
| 16 | None | https://github.com/freshdemo/ApacheStruts-CVE-2018-11776 | PoC details |
| 17 | None | https://github.com/sonpt-afk/CVE-2018-11776-FIS | PoC details |
| 18 | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-11776.yaml | PoC details |
| 19 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Struts2%20S2-057%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2018-11776.md | PoC details |
| 20 | Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts. | https://github.com/arlyone/Apache-Struts-0Day-Exploit | PoC details |
| 21 | PoC Script for the CVE-2018-11776 vuln | https://github.com/m4sk0ff/CVE-2018-11776 | PoC details |