Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability

Apache OpenWhisk is prone to a remote code-execution vulnerability.
An attacker may exploit this issue to inject and execute arbitrary code within the context of the affected application; this may aid in further attacks.

Information

Bugtraq ID: 104915
Class: Input Validation Error
CVE: CVE-2018-11756

Remote: Yes
Local: No
Published: Jul 23 2018 12:00AM
Updated: Jul 23 2018 12:00AM
Credit: Yuri Shapira and Ory Segal of PureSec.
Vulnerable: Apache OpenWhisk 1.0

Not Vulnerable: Apache OpenWhisk 1.0.2
Apache OpenWhisk 1.0.1

Exploit

The researcher has created a functional exploit to demonstrate the issue. Please see the references for more information.

References:

Apache Homepage (Apache)
[CVE] CVE-2018-11756 PHP Runtime for Apache OpenWhisk (Apache)
PureSec Security Advisory (puresec.io)

Source: www.securityfocus.com

Exploit Collector

Search Exploit