Investigation of CVE-2018-11776 vulnerability that allows attackers to remotely execute code and gain control over Apache Struts-based applications.

cucadili/CVE-2018-11776

CVE-2018-11776

Installation and exploitation: https://github.com/hook-s3c/CVE-2018-11776-Python-PoC

Suricata

The file "test.rules" contains a rule for Suricata. The rule detects attempts to exploit the vulnerability in network traffic. It is enabled in the /etc/suricata/suricata.yaml file:

    default-rule-path: /etc/suricata 
    rule-files: 
     - test.rules

Run:

    suricata -c /etc/suricata/suricata.yaml -i docker0

Log: /var/log/suricata/fast.log

Kernel module

The kernel module blocks malicious network packets and writes to a log file. The module handles only incoming traffic. Its processing function finds TCP packets, checks whether the data field holds an HTTP GET request, and, if so, checks whether the packet contains a previously defined signature.

Install

    sudo insmod module_kernel.ko

Output results

    sudo dmesg
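
The per-packet check described in the Kernel module section, as an added userspace sketch in C (not the repository's module code): netfilter hook registration and logging are omitted. The names `SIGNATURE`, `inspect` and `build_packet` are hypothetical, and the signature value is an assumed placeholder, not the one the module uses.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed placeholder signature (OGNL expression opener), not the module's value. */
#define SIGNATURE "${"

enum verdict { ACCEPT = 0, DROP = 1 };

/* Bounded substring search: packet payloads are not NUL-terminated. */
static int contains(const uint8_t *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; m && i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0)
            return 1;
    return 0;
}

/* pkt points at an IPv4 header; len is the number of bytes available. */
enum verdict inspect(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return ACCEPT;                          /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* IP header length in bytes */
    if (ihl < 20 || pkt[9] != 6 || len < ihl + 20)
        return ACCEPT;                          /* malformed or not TCP */
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4; /* TCP header length */
    if (doff < 20 || len < ihl + doff)
        return ACCEPT;                          /* truncated TCP header */
    const uint8_t *data = pkt + ihl + doff;
    size_t dlen = len - ihl - doff;
    if (dlen < 4 || memcmp(data, "GET ", 4) != 0)
        return ACCEPT;                          /* not an HTTP GET request */
    return contains(data, dlen, SIGNATURE) ? DROP : ACCEPT;
}

/* Constructed sample input: minimal IPv4 + TCP headers followed by payload. */
size_t build_packet(uint8_t *out, size_t cap, const char *payload)
{
    size_t plen = strlen(payload);
    if (cap < 40 + plen) return 0;
    memset(out, 0, 40);
    out[0] = 0x45; out[9] = 6; out[32] = 0x50;  /* IPv4/IHL=5, TCP, doff=5 */
    memcpy(out + 40, payload, plen);
    return 40 + plen;
}
```

Every length is validated before the payload is touched, which matters in a packet path where a malformed header must not cause an out-of-bounds read. Matching is per packet with no TCP stream reassembly, so a filter like this complements the Suricata rule rather than replacing it.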
