CVE-2018-11776 added to CISA KEV: Apache Struts
Status: ✅ Confirmed exploited in the wild
Date added: 2021-11-03
Required action: Apply updates per vendor instructions.
Due date: 2022-05-03
Why this matters
Apache Struts contains a vulnerability that allows remote code execution under two circumstances. First, when the alwaysSelectFullNamespace option is true, the value is not set for a result defined in the underlying configuration, and, at the same time, its upper package configuration has no namespace or a wildcard namespace. Second, when a URL tag is used that has neither value nor action set and, at the same time, its upper package configuration has no namespace or a wildcard namespace.
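A configuration check for the first circumstance described above, as an added example that is not part of the original entry and not Apache's own tooling. It assumes the unset value is the result's `namespace` parameter, that the relevant result types are `redirectAction`, `chain` and `postback`, and that the configuration lives in a `struts.xml`; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample struts.xml for illustration; not from a real application.
SAMPLE_STRUTS_XML = """
<struts>
  <constant name="struts.mapper.alwaysSelectFullNamespace" value="true"/>
  <package name="open" extends="struts-default">
    <action name="save" class="example.SaveAction">
      <result type="redirectAction"><param name="actionName">list</param></result>
    </action>
  </package>
  <package name="pinned" extends="struts-default" namespace="/admin">
    <action name="save" class="example.SaveAction">
      <result type="redirectAction"><param name="actionName">list</param></result>
    </action>
  </package>
  <package name="wild" extends="struts-default" namespace="/*">
    <action name="go" class="example.GoAction">
      <result type="chain"><param name="actionName">list</param><param name="namespace">/fixed</param></result>
    </action>
  </package>
</struts>
"""

FLAG = "struts.mapper.alwaysSelectFullNamespace"
# Assumption: result types that take a namespace parameter.
NS_RESULT_TYPES = {"redirectAction", "chain", "postback"}

def audit_struts_config(xml_text):
    """Return (package, action, result type) for results matching the first circumstance."""
    root = ET.fromstring(xml_text)
    if not any(c.get("name") == FLAG and c.get("value", "").strip().lower() == "true"
               for c in root.iter("constant")):
        return []  # the first circumstance requires the option to be true
    findings = []
    for pkg in root.iter("package"):
        ns = (pkg.get("namespace") or "").strip()
        if ns and "*" not in ns:
            continue  # package pins a concrete, non-wildcard namespace
        for action in pkg.iter("action"):
            for result in action.iter("result"):
                has_ns = any(p.get("name") == "namespace" and (p.text or "").strip()
                             for p in result.iter("param"))
                if result.get("type") in NS_RESULT_TYPES and not has_ns:
                    findings.append((pkg.get("name"), action.get("name"), result.get("type")))
    return findings
```

The check does not see the option when a plugin or `struts.properties` sets it, and it does not inspect URL tags in templates, so a clean result does not replace the required update.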
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.