CVE-2018-11776CISA KEV: Actively Exploited

Apache Struts Remote Code Execution Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Or, using URL tag which doesn't have value and action set and in same time, its upper package configuration have no or wildcard namespace.

Public Exploits & PoCs15 found

PoC: struts-pwn_CVE-2018-11776

An exploit for Apache Struts CVE-2018-11776

301

PoC: CVE-2018-11776-Python-PoC

Working Python test and PoC for CVE-2018-11776, includes Docker lab

124

PoC: Apache-Struts-Shodan-Exploit

This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers.

54

PoC: Strutter

Proof of Concept for CVE-2018-11776

22

PoC: S2-057-CVE-2018-11776

A simple exploit for Apache Struts RCE S2-057 (CVE-2018-11776)

15

PoC: CVE-2018-11776

Creating a vulnerable environment and the PoC

14

PoC: Apache-Struts-0Day-Exploit

Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts.

12

PoC: CVE-2018-11776

Vulnerable docker container for CVE-2018-11776

10

PoC: CVE-2018-11776

CVE-2018-11776(S2-057) EXPLOIT CODE

10

PoC: CVE-2018-11776

Environment for CVE-2018-11776 / S2-057 (Apache Struts 2)

4

PoC: cve-2018-11776

cve-2018-11776

1

PoC: CVE-2018-11776

PoC Script for the CVE-2018-11776 vuln

PoC: CVE-2018-11776

Investigation of CVE-2018-11776 vulnerability that allows attackers to remotely execute code and gain control over Apache Struts-based applications.

PoC: apche-struts-vuln-demo-cve-2018-11776

Spins up an isolated test environment for experimentation with Apache Struts vulnerability CVE-2018-11776.

PoC: CVE-2018-11776

Docker image for a vulnerable struts app

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free