Endpoint Vulnerability

Apache Struts security advisory S2-057

Description

It is possible to perform a RCE attack whennamespacevalue isn't set for a result defined in underlying xml configurations and in same time, its upper action(s) configurations have no or wildcardnamespace. Same possibility when usingurltag which doesn t havevalueandactionset and in same time, its upper action(s) configurations have no or wildcardnamespace.

Affected Products

Apache Struts

References

CVE-2018-11776,