Despite the huge advantages that containers offer in application portability, acceleration of CI/CD pipelines and agility of deployment environments, the biggest concern has always been about isolation. Since all the containers running on a host share the same underlying kernel, any malicious code breaking out of a container can compromise the entire host, and hence […]
分类: vulnerability
Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776
A new remote code execution vulnerability in Apache Struts 2, CVE-2018-11776, was disclosed yesterday. While this vulnerability does not exist with a default configuration of Struts, it does exist in commonly seen configurations for some Struts plugins. Update August 24, 2018: A dashboard for this vulnerability is now available to download. The Vulnerability Struts improperly […]