Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

CVE -2018 -11776 (4239884)

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

CVE -2018 -11776
Description

Does CVE-2018-11776 have any impact on Stat 6.1.0?
Resolution

RESOLUTION:
Stat Central Agent 6.1.0 product does not use the conditions below that makes Struts vulnerable (for CVE-2018-11776):
This apply to prior Stat Central Agent versions 5.7.x, 5.8.x, 6.0.x and 6.1.0.
Your Apache Struts implementation is vulnerable to the reported RCE flaw if it meets the following conditions:
• The alwaysSelectFullNamespace flag is set to true in the Struts configuration.
• Struts configuration file contains an "action" or "url" tag that does not specify the optional namespace attribute or specifies a wildcard namespace.
If you wish to ensure that your security compliance detection scanning solution does not flag the Stat Central Agent, please apply 6.1.0 hf-e if you are running Stat 6.1.0. Any versions prior to 6.1.0 will required an upgrade to Stat 6.1.0 first before applying 6.1.0 hf-e.

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Request a KB Article

Leave a Comment

Recommended Content

Product(s):: Stat

Topic(s):: Policy and Procedures

Article History:: Created on: 8/23/2018
Last Update on: 5/7/2023

Search All Articles

© 2025 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center