
[Overview]

Apache Struts2 is an MVC framework for building Java-based web applications. In the MVC design pattern, Struts2 acts as the controller that mediates data exchange between the model and the view. Apache Struts2 recently published an official security notification announcing a fix for a remote code execution vulnerability.

[Vulnerability Details]

CVE-2018-11776: Apache Struts2 is affected by an expression language (OGNL) injection vulnerability. When no namespace is specified for an action or result (or only a wildcard/default namespace is specified), some struts.xml configurations cause Struts to take the namespace component of the request URL and evaluate it as an OGNL expression.
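The configuration condition described above can be checked in a deployment's struts.xml before the upgrade is applied. The script below is an added example for this advisory, not Hillstone's or the Struts project's own code: it parses a constructed struts.xml fragment and reports results that have no namespace while their package has none or a wildcard namespace and `struts.mapper.alwaysSelectFullNamespace` is true (the preconditions named in the S2-057 announcement). The result-type list and the sample configuration are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed struts.xml fragment for this example (not a real deployment).
VULNERABLE_XML = """<struts>
  <constant name="struts.mapper.alwaysSelectFullNamespace" value="true"/>
  <package name="default" extends="struts-default">
    <action name="help" class="example.HelpAction">
      <result type="redirectAction">
        <param name="actionName">index</param>
      </result>
    </action>
  </package>
</struts>"""

# Hardened variant: the same configuration with the flag turned off.
HARDENED_XML = VULNERABLE_XML.replace('value="true"', 'value="false"')

# Result types that build a target namespace from the current request
# (assumed list for this example).
NAMESPACE_AWARE_RESULTS = {"redirectAction", "chain", "postback"}


def full_namespace_enabled(root):
    """True if struts.mapper.alwaysSelectFullNamespace is set to true."""
    return any(
        c.get("name") == "struts.mapper.alwaysSelectFullNamespace"
        and (c.get("value") or "").strip().lower() == "true"
        for c in root.iter("constant")
    )


def audit_struts_xml(xml_text):
    """Return (package, action) pairs whose namespace-aware result has no
    namespace param while the package has none or a wildcard namespace.
    An empty list means the S2-057 preconditions are absent from this file."""
    root = ET.fromstring(xml_text)
    if not full_namespace_enabled(root):
        return []  # the request-URL namespace is never fed to OGNL
    findings = []
    for pkg in root.iter("package"):
        ns = pkg.get("namespace") or ""
        if ns and "*" not in ns:
            continue  # explicit, non-wildcard namespace: not affected
        for action in pkg.findall("action"):
            for result in action.findall("result"):
                if result.get("type") not in NAMESPACE_AWARE_RESULTS:
                    continue
                params = {p.get("name"): (p.text or "").strip()
                          for p in result.findall("param")}
                if not params.get("namespace"):
                    findings.append((pkg.get("name"), action.get("name")))
    return findings


if __name__ == "__main__":
    print("vulnerable config:", audit_struts_xml(VULNERABLE_XML))
    print("hardened config:", audit_struts_xml(HARDENED_XML))
```

A clean audit only removes the configuration trigger; the vendor's fixed release is still required, since plugins can enable the flag at runtime.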

An attacker could exploit this vulnerability by sending an HTTP request containing a malicious namespace to the target server. Successful exploitation allows the attacker to execute arbitrary code on the target server, take control of the server, and disclose sensitive information.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776

[Severity]

Critical

[Affected Versions]

  • Apache Software Foundation Struts 2 2.3 through 2.3.34
  • Apache Software Foundation Struts 2 2.5 through 2.5.16

[Suggestions]

Update to the bug-fix release provided by Jenkins to eliminate the damage caused by the vulnerability.

Only accept requests from trusted hosts.

Official statement: https://cwiki.apache.org/confluence/display/WW/S2-057

[Hillstone Networks Solutions]

Hillstone Networks has added signatures to the IPS signature database version 2.1.254. By deploying any Hillstone Networks solution with the IPS function, the Apache Struts 2 namespace Expression Language Injection vulnerability can be quickly detected and effectively intercepted, preventing the server from being attacked.
