Thursday, August 23, 2018

Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action. In cases where upper actions or configurations also have no namespace or a wildcard namespace, an attacker could exploit this vulnerability by sending a request that submits malicious input to the affected application for processing. If successful, the attacker could execute arbitrary code in the security context of the affected application on the targeted system.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts


Security Impact Rating: Critical
CVE: CVE-2018-11776

from Cisco Security Advisory https://ift.tt/2LkILFq

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.