CVE-2018-11776
PUBLISHED
KEV
RCE on Confluence Data Center via OGNL Injection
EPSS 94.43% · 100.0th percentile
Exploit Intelligence
- Investigation of CVE-2018-11776 vulnerability that allows attackers to remotely execute code and gain control over Apache Struts-based applications. (github-poc-repo)
…and 2126 more exploits
Timeline
- CVE Published
- Jan 18, 1970 VulnCheck XDB Entry
References
- RCE on Confluence Data Center via OGNL Injection advisory
- https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html technical
- https://portswigger.net/kb/issues/00100f20_expression-language-injection technical
- https://commons.apache.org/proper/commons-ognl/language-guide.html technical
- https://www.atlassian.com/blog/rebelutionary/misc/TSS-WebWork2.ppt technical
- https://securitylab.github.com/research/apache-struts-double-evaluation/ technical
- https://securitylab.github.com/research/ognl-injection-apache-struts/ technical
- https://securitylab.github.com/research/apache-struts-CVE-2018-11776/ technical
- https://lgtm.com/projects/g/apache/struts/snapshot/218366b4cd0d8d165f505e8b9e6f3e6bf19d9aae/files/core/src/main/java/org/apache/struts2/components/UIBean.java#L637 technical