Support Content Notification - Support Portal

BSA-2018-700

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21680

Last Updated

23 August 2018

Initial Publication Date

23 August 2018

Status

Closed

Severity

Critical

CVSS Base Score

9.8

WorkAround

N/A

Affected CVE

CVE-2018-11776

Summary

Security Advisory ID : BSA-2018-700

Component : Apache Struts 2

Revision : 1.0: Final

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace.

Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	August 23, 2018