
Apache Struts Component Vulnerability in Cisco Products

  • OS details: WN7
  • Importance: URG
  • Operating systems: L
  • Categories: CIS


Cisco Security Advisory: Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

Advisory ID: cisco-sa-20180823-apache-struts

Revision: 1.0

For Public Release: 2018 August 23 16:00 GMT

Last Updated: 2018 August 23 16:00 GMT

CVE ID(s): CVE-2018-11776

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action. In cases where upper actions or configurations also have no namespace or a wildcard namespace, an attacker could exploit this vulnerability by sending a request that submits malicious input to the affected application for processing. If successful, the attacker could execute arbitrary code in the security context of the affected application on the targeted system.
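A defensive configuration check for the conditions described above, added here as an illustration and not part of Cisco's advisory or the Struts project's code: it scans a `struts.xml` for packages with no namespace or a wildcard namespace and for results that set no namespace value. The sample configuration is constructed, and the set of result types treated as namespace-aware (`redirectAction`, `chain`, `postback`) is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Result types that accept a "namespace" param (assumption of this example).
NAMESPACE_RESULTS = {"redirectAction", "chain", "postback"}

# Constructed sample struts.xml, not taken from any real product.
SAMPLE = """<struts>
  <package name="open" extends="struts-default">
    <action name="save" class="example.Save">
      <result type="redirectAction">
        <param name="actionName">list</param>
      </result>
    </action>
  </package>
  <package name="pinned" extends="struts-default" namespace="/admin">
    <action name="save" class="example.Save">
      <result type="redirectAction">
        <param name="actionName">list</param>
        <param name="namespace">/admin</param>
      </result>
      <result name="error">/error.jsp</result>
    </action>
  </package>
</struts>"""

def audit_struts_config(xml_text):
    """Return (package, action, issue) tuples for the conditions in the advisory."""
    findings = []
    root = ET.fromstring(xml_text)
    for pkg in root.iter("package"):
        ns = pkg.get("namespace")
        pkg_open = ns is None or ns.strip() == "" or "*" in ns
        if pkg_open:
            findings.append((pkg.get("name"), None, "package has no namespace or a wildcard namespace"))
        for action in pkg.iter("action"):
            for result in action.iter("result"):
                if result.get("type") not in NAMESPACE_RESULTS:
                    continue  # e.g. default dispatcher results take no namespace
                has_ns = any(p.get("name") == "namespace" and (p.text or "").strip()
                             for p in result.iter("param"))
                if not has_ns:
                    sev = "exposed" if pkg_open else "review"
                    findings.append((pkg.get("name"), action.get("name"),
                                     f"{sev}: {result.get('type')} result has no namespace value"))
    return findings

if __name__ == "__main__":
    for finding in audit_struts_config(SAMPLE):
        print(finding)
```

Findings marked `exposed` combine both conditions from the advisory; `review` marks a result with no namespace value inside a package whose namespace is fixed.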

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts


Author: Zvonimir Bosnjak
CERT ID: NCERT-REF-2018-08-0001-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe