Refine your search
6 vulnerabilities found for enterprise_manager_base_platform by oracle
CVE-2021-3517 (GCVE-0-2021-3517)
Vulnerability from nvd
Published
2021-05-19 13:45
Modified
2025-12-02 21:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2021-e3ed1ba38b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
},
{
"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
},
{
"name": "FEDORA-2021-b950000d2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "GLSA-202107-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-05"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:32:30.725398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:34:00.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libxml2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libxml2 2.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:35:17.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2021-e3ed1ba38b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
},
{
"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
},
{
"name": "FEDORA-2021-b950000d2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "GLSA-202107-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-05"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libxml2",
"version": {
"version_data": [
{
"version_value": "libxml2 2.9.11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2021-e3ed1ba38b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
},
{
"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
},
{
"name": "FEDORA-2021-b950000d2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "GLSA-202107-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-05"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210625-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211022-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3517",
"datePublished": "2021-05-19T13:45:00.000Z",
"dateReserved": "2021-04-27T00:00:00.000Z",
"dateUpdated": "2025-12-02T21:34:00.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-7595 (GCVE-0-2020-7595)
Vulnerability from nvd
Published
2020-01-21 22:54
Modified
2025-12-03 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-41fe1680f6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"
},
{
"name": "USN-4274-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4274-1/"
},
{
"name": "FEDORA-2020-0c71c00af4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"
},
{
"name": "FEDORA-2020-7694e8be73",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"
},
{
"name": "openSUSE-SU-2020:0681",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0005/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076"
},
{
"name": "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
},
{
"name": "GLSA-202010-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202010-04"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-7595",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:33:37.839093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:50:13.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:23:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2020-41fe1680f6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"
},
{
"name": "USN-4274-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4274-1/"
},
{
"name": "FEDORA-2020-0c71c00af4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"
},
{
"name": "FEDORA-2020-7694e8be73",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"
},
{
"name": "openSUSE-SU-2020:0681",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0005/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076"
},
{
"name": "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
},
{
"name": "GLSA-202010-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202010-04"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-41fe1680f6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"
},
{
"name": "USN-4274-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4274-1/"
},
{
"name": "FEDORA-2020-0c71c00af4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"
},
{
"name": "FEDORA-2020-7694e8be73",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"
},
{
"name": "openSUSE-SU-2020:0681",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200702-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200702-0005/"
},
{
"name": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076"
},
{
"name": "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
},
{
"name": "GLSA-202010-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202010-04"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7595",
"datePublished": "2020-01-21T22:54:14.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2025-12-03T15:50:13.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-11776 (GCVE-0-2018-11776)
Vulnerability from nvd
Published
2018-08-22 13:00
Modified
2025-10-21 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Struts |
Version: 2.3 to 2.3.34 Version: 2.5 to 2.5.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041888",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "45367",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45367/"
},
{
"name": "45262",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45262/"
},
{
"name": "105125",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105125"
},
{
"name": "1041547",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041547"
},
{
"name": "45260",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45260/"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-11776",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T21:01:33.678556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:48.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2018-11776 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Struts",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.3 to 2.3.34"
},
{
"status": "affected",
"version": "2.5 to 2.5.16"
}
]
}
],
"datePublic": "2018-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "1041888",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "45367",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45367/"
},
{
"name": "45262",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45262/"
},
{
"name": "105125",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/105125"
},
{
"name": "1041547",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1041547"
},
{
"name": "45260",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45260/"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
},
{
"url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
},
{
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
},
{
"url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
},
{
"url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11776",
"datePublished": "2018-08-22T13:00:00.000Z",
"dateReserved": "2018-06-05T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:48.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3517 (GCVE-0-2021-3517)
Vulnerability from cvelistv5
Published
2021-05-19 13:45
Modified
2025-12-02 21:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2021-e3ed1ba38b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
},
{
"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
},
{
"name": "FEDORA-2021-b950000d2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "GLSA-202107-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-05"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:32:30.725398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:34:00.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libxml2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libxml2 2.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:35:17.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2021-e3ed1ba38b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
},
{
"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
},
{
"name": "FEDORA-2021-b950000d2b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "GLSA-202107-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-05"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libxml2",
"version": {
"version_data": [
{
"version_value": "libxml2 2.9.11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2021-e3ed1ba38b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
},
{
"name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
},
{
"name": "FEDORA-2021-b950000d2b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "GLSA-202107-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-05"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210625-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211022-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3517",
"datePublished": "2021-05-19T13:45:00.000Z",
"dateReserved": "2021-04-27T00:00:00.000Z",
"dateUpdated": "2025-12-02T21:34:00.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-7595 (GCVE-0-2020-7595)
Vulnerability from cvelistv5
Published
2020-01-21 22:54
Modified
2025-12-03 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-41fe1680f6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"
},
{
"name": "USN-4274-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4274-1/"
},
{
"name": "FEDORA-2020-0c71c00af4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"
},
{
"name": "FEDORA-2020-7694e8be73",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"
},
{
"name": "openSUSE-SU-2020:0681",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0005/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076"
},
{
"name": "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
},
{
"name": "GLSA-202010-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202010-04"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-7595",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:33:37.839093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:50:13.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:23:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2020-41fe1680f6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"
},
{
"name": "USN-4274-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4274-1/"
},
{
"name": "FEDORA-2020-0c71c00af4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"
},
{
"name": "FEDORA-2020-7694e8be73",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"
},
{
"name": "openSUSE-SU-2020:0681",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0005/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076"
},
{
"name": "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
},
{
"name": "GLSA-202010-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202010-04"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-41fe1680f6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"
},
{
"name": "USN-4274-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4274-1/"
},
{
"name": "FEDORA-2020-0c71c00af4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"
},
{
"name": "FEDORA-2020-7694e8be73",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"
},
{
"name": "openSUSE-SU-2020:0681",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200702-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200702-0005/"
},
{
"name": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076"
},
{
"name": "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
},
{
"name": "GLSA-202010-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202010-04"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7595",
"datePublished": "2020-01-21T22:54:14.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2025-12-03T15:50:13.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-11776 (GCVE-0-2018-11776)
Vulnerability from cvelistv5
Published
2018-08-22 13:00
Modified
2025-10-21 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Struts |
Version: 2.3 to 2.3.34 Version: 2.5 to 2.5.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041888",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "45367",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45367/"
},
{
"name": "45262",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45262/"
},
{
"name": "105125",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105125"
},
{
"name": "1041547",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041547"
},
{
"name": "45260",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45260/"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-11776",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T21:01:33.678556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:48.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2018-11776 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Struts",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.3 to 2.3.34"
},
{
"status": "affected",
"version": "2.5 to 2.5.16"
}
]
}
],
"datePublic": "2018-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn\u0027t have value and action set and in same time, its upper package have no or wildcard namespace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "1041888",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "45367",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45367/"
},
{
"name": "45262",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45262/"
},
{
"name": "105125",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/105125"
},
{
"name": "1041547",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1041547"
},
{
"name": "45260",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45260/"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"url": "https://cwiki.apache.org/confluence/display/WW/S2-057"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"
},
{
"url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180822-0001/"
},
{
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"
},
{
"url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
},
{
"url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11776",
"datePublished": "2018-08-22T13:00:00.000Z",
"dateReserved": "2018-06-05T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:48.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}