I. CVE-2018-11776 Basic Information
Vulnerability Information
                                        # N/A

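## Vulnerability Overview
Certain versions of Apache Struts contain a remote code execution vulnerability when `alwaysSelectFullNamespace` is set to true and specific package namespace conditions are also met.

## Affected Versions
- 2.3 to 2.3.34
- 2.5 to 2.5.16

## Details
The vulnerability exists when `alwaysSelectFullNamespace` is true (set by the user or by a plugin such as the Convention Plugin) and the following conditions are met:
- A result is used without a namespace, and its upper package has no namespace or uses a wildcard namespace.
- A URL tag is used without `value` and `action` set, and its upper package has no namespace or uses a wildcard namespace.

## Impact
This vulnerability can lead to remote code execution; an attacker may exploit it to execute arbitrary code on the target system.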
                                        
Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
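Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Apache Struts input validation error vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Apache Struts is an open-source project maintained by the Apache Software Foundation (USA). It is an open-source MVC framework for building enterprise Java web applications, offered in two framework versions, Struts 1 and Struts 2. Apache Struts 2 is the next generation of Apache Struts, a new framework created by merging the technologies of Struts 1 and WebWork; its architecture differs considerably from that of Struts 1. An input validation vulnerability exists in Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Input validation error
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public POCs for CVE-2018-11776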
| # | POC description | Source link |
|---|---|---|
| 1 | Creating a vulnerable environment and the PoC | https://github.com/xfox64x/CVE-2018-11776 |
| 2 | CVE-2018-11776(S2-057) EXPLOIT CODE | https://github.com/jiguangsdf/CVE-2018-11776 |
| 3 | Working Python test and PoC for CVE-2018-11776, includes Docker lab | https://github.com/hook-s3c/CVE-2018-11776-Python-PoC |
| 4 | An exploit for Apache Struts CVE-2018-11776 | https://github.com/mazen160/struts-pwn_CVE-2018-11776 |
| 5 | Vulnerable docker container for CVE-2018-11776 | https://github.com/bhdresh/CVE-2018-11776 |
| 6 | Environment for CVE-2018-11776 / S2-057 (Apache Struts 2) | https://github.com/knqyf263/CVE-2018-11776 |
| 7 | Proof of Concept for CVE-2018-11776 | https://github.com/Ekultek/Strutter |
| 8 | None | https://github.com/tuxotron/cve-2018-11776-docker |
| 9 | A simple exploit for Apache Struts RCE S2-057 (CVE-2018-11776) | https://github.com/brianwrf/S2-057-CVE-2018-11776 |
| 10 | This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers. | https://github.com/649/Apache-Struts-Shodan-Exploit |
| 11 | None | https://github.com/jezzus/CVE-2018-11776-Python-PoC |
| 12 | cve-2018-11776 | https://github.com/cved-sources/cve-2018-11776 |
| 13 | Spins up an isolated test environment for experimentation with Apache Struts vulnerability CVE-2018-11776. | https://github.com/OzNetNerd/apche-struts-vuln-demo-cve-2018-11776 |
| 14 | Investigation of CVE-2018-11776 vulnerability that allows attackers to remotely execute code and gain control over Apache Struts-based applications. | https://github.com/cucadili/CVE-2018-11776 |
| 15 | Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts. | https://github.com/ArunBhandarii/Apache-Struts-0Day-Exploit |
| 16 | None | https://github.com/freshdemo/ApacheStruts-CVE-2018-11776 |
| 17 | None | https://github.com/sonpt-afk/CVE-2018-11776-FIS |
| 18 | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-11776.yaml |
| 19 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Struts2%20S2-057%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2018-11776.md |
III. Intelligence on CVE-2018-11776