VDB

CISCO-SA-20180823-APACHE-STRUTS

CISCO-SA-20180823-APACHE-STRUTS PUBLISHED

A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action. In cases where upper actions or configurations also have no namespace or a wildcard namespace, an attacker could exploit this vulnerability by sending a request that submits malicious input to the affected application for processing. If successful, the attacker could execute arbitrary code in the security context of the affected application on the targeted system. The following Snort rules can be used to detect possible exploitation of this vulnerability: Snort SID 29639, 39190, 39191, and 47634 This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts"]

Timeline

  • Aug 23, 2018 CVE Published
  • Sep 17, 2018 CVE Updated
  • Oct 2, 2020 PoC Published
  • Nov 6, 2020 PoC Published
  • Sep 6, 2021 PoC Published
  • Oct 9, 2024 PoC Published
  • Dec 12, 2024 PoC Published
  • Mar 28, 2025 PoC Published
  • Sep 26, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›