Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

Apache Struts versions 2 2.0.4 to 2.3.34 and 2.5.x to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then :

- results are used with no namespace and in same time

- its upper package have no or wildcard namespace

Or similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the following vulnerabilities in its subcomponents:

  - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when     alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results     are used with no namespace and in same time, its upper package have no or wildcard namespace and similar     to results, same possibility when using url tag which doesn't have value and action set and in same time,     its upper package have no or wildcard namespace. (CVE-2018-11776)

  - The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31,     8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It     is expected that users of the CORS filter will have configured it appropriately for their environment     rather than using it in the default configuration. Therefore, it is expected that most users will not be     impacted by this issue. (CVE-2018-8014)

  - Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an     authorization bypass when using method security. An unauthorized malicious user can gain unauthorized     access to methods that should be restricted. (CVE-2018-1258)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The 13.3.0.0, 13.4.0.0, and 12.1.0.5 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory.

  - Vulnerability in the Enterprise Manager Base Platform     product of Oracle Enterprise Manager (component:
    Enterprise Manager Install (jackson-databind)).
    Supported versions that are affected are 13.3.0.0 and     13.4.0.0. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to     compromise Enterprise Manager Base Platform. Successful     attacks of this vulnerability can result in takeover of     Enterprise Manager Base Platform. CVSS 3.1 Base Score     9.8 (Confidentiality, Integrity and Availability     impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
    (CVE-2020-9546)

  - Vulnerability in the Enterprise Manager Base Platform     product of Oracle Enterprise Manager (component:
    Reporting Framework (Apache Struts 2)). Supported     versions that are affected are 13.3.0.0 and 13.4.0.0.
    Difficult to exploit vulnerability allows     unauthenticated attacker with network access via HTTP to     compromise Enterprise Manager Base Platform. Successful     attacks of this vulnerability can result in takeover of     Enterprise Manager Base Platform. CVSS 3.1 Base Score     8.1 (Confidentiality, Integrity and Availability     impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
    (CVE-2018-11776)

  - Vulnerability in the Enterprise Manager Base Platform     product of Oracle Enterprise Manager (component:
    Application Service Level Mgmt (Apache Axis)). Supported     versions that are affected are 12.1.0.5 and 13.3.0.0.
    Difficult to exploit vulnerability allows     unauthenticated attacker with access to the physical     communication segment attached to the hardware where the     Enterprise Manager Base Platform executes to compromise     Enterprise Manager Base Platform. Successful attacks of     this vulnerability can result in takeover of Enterprise     Manager Base Platform. CVSS 3.1 Base Score 7.5     (Confidentiality, Integrity and Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
    (CVE-2019-0227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Cisco Unified Communications Manager (CUCM) running on the remote device is affected by a remote code execution vulnerability. Please see the included Cisco BID and the Cisco Security Advisory for more information.

According to its self-reported version, the Cisco Unified Communications Manager IM & Presence Service is affected by a Remote Code Execution vulnerability. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

According to its self-reported version, the Cisco Identity Services Engine Software is affected by a struts2 namespace vulnerability.
Please see the included Cisco BID and the Cisco Security Advisory for more information.

The version of Apache Struts running on the remote host is affected by a remote code execution vulnerability in the handling of results with no namespace set. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to potentially execute arbitrary code, subject to the privileges of the web server user.

The version of Apache Struts running on the remote host is 2.3.x prior to 2.3.35, or 2.5.x prior to 2.5.17. It, therefore, contains a possible remote code execution vulnerability when results are used without setting a namespace along with an upper action that does not have a namespace set or has a wildcard namespace set.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
112727	Apache Struts 2.0.4 < 2.3.35 / 2.5.x < 2.5.17 Remote Code Execution (S2-057)	Web App Scanning	Component Vulnerability	high
138901	MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)	Nessus	CGI abuses	critical
138555	Oracle Enterprise Manager Cloud Control (Jul 2020 CPU)	Nessus	Misc.	critical
112289	Cisco Unified Communication Manager Apache Struts RCE (CSCvm14042)	Nessus	CISCO	high
112288	Cisco Unified Communications Manager IM & Presence Service Apache Struts RCE (CSCvm14049)	Nessus	CISCO	high
112219	Cisco Identity Services Engine Struts2 Namespace Vulnerability	Nessus	CISCO	high
112064	Apache Struts CVE-2018-11776 Results With No Namespace Remote Code Execution (S2-057) (remote)	Nessus	CGI abuses	high
112036	Apache Struts CVE-2018-11776 Results With No Namespace Possible Remote Code Execution (S2-057)	Nessus	Misc.	high

Detections

Analytics

CVE-2018-11776

high

Tenable Plugins

high

critical

critical

high

high

high

high

high