BSA-2018-700
21680
23 August 2018
23 August 2018
Closed
Critical
9.8
N/A
CVE-2018-11776
Summary
Security Advisory ID : BSA-2018-700
Component : Apache Struts 2
Revision : 1.0: Final
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace.
Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | August 23, 2018 |