What We Do
How We Do
Resources
Company
Partners
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Get Started
Security advisories

RCE Vulnerability in Apache Struts

February 27, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

On August 22, 2018, the Apache Software Foundation acknowledged a critical Remote Code Execution (RCE) vulnerability in all versions of Apache Struts 2 [1]. Successful Remote Code Execution could allow threat actors to perform a variety of malicious actions and potentially gain full remote access to the affected system. Previously, exploits for critical vulnerabilities in Apache Struts were developed a short time after disclosure [2]. The prevalence of Apache Struts combined with the potential impact creates considerable motivation for threat actors to weaponize the latest vulnerability. This vulnerability is being publicly tracked as CVE-2018-11776 [3].

What we’re doing about it

What you should be doing about it

Additional information


Resources:

[1] S2-057
https://cwiki.apache.org/confluence/display/WW/S2-057

[2] Synopsis: Software Integrity Blog: Examining Apache Struts remote code execution vulnerabilities
https://www.synopsys.com/blogs/software-security/apache-struts-remote-code-execution-vulnerabilities/

[3] Common Vulnerabilities and Exposures CVE-2018-11776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776

[4] Semmle Discovers Critical Remote Code Execution Vulnerability in Apache Struts (CVE-2018-11776)
https://semmle.com/news/apache-struts-CVE-2018-11776

View Most Recent Advisories