Dashboards and Reporting: Apache Struts RCE Vulnerabilities: CVE-2017-5638 and CVE-2018-11776

Document created by DMFezzaReed Employee on Aug 23, 2018. Last modified by DMFezzaReed Employee on Aug 28, 2018. Version 22.

Visualize your Apache Struts RCE Vulnerability Risk Posture in Seconds Leveraging Qualys Dynamic Dashboards

For background on the vulnerabilities associated with this dashboard, please see "Detect and Block the Struts Critical Vulnerability CVE-2017-5638" and "Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776".

       

 

 

New Vulnerability Management Apache Struts Dashboard BETA 

VMDASH-Apache_Struts_RCE_CVE-2017-5638_&_CVE-2018-11776_dashboard.zip Updated Aug 24, 2018

New AssetView Apache Struts Dashboard

AVDASH-Apache_Struts_RCE_CVE-2017-5638_&_CVE-2018-11776_dashboard.zip Added Aug 24, 2018

 

APIv2 Resources for Apache Struts CVE-2017-5638 and CVE-2018-11776

 

APIv2 Quick Reference

Please refer to the most current version of the Qualys API v2 Guide in Documentation | Qualys, Inc.  for the most accurate criteria available within the API.

 

Which API Server URL to Use: The Qualys API server URL that you should use for API requests depends on the platform where your account is located.  Platform Login

 

Qualys US Platform 1 https://qualysapi.qualys.com

Qualys US Platform 2 https://qualysapi.qg2.apps.qualys.com

Qualys US Platform 3 https://qualysapi.qg3.apps.qualys.com

Qualys EU Platform 1 https://qualysapi.qualys.eu

Qualys EU Platform 2 https://qualysapi.qg2.apps.qualys.eu

Qualys India Platform 1 https://qualysapi.qg1.apps.qualys.in

 

Criteria for a Dynamic Search List (POST)

 

Base cURL CMD String

curl -u "USERID:PASSWORD" -H "X-Requested-With:Curl" -X "POST" "https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/?action=create&echo_request=1&global=1&title=Apache_Struts2_Namespace_RCE_CVE-2018-11776&{add your preferred criteria here}"

Additional APIv2 Criteria

title={value}&global={0|1}&comments={value}&vuln_title={value}&not_vuln_title={0|1}&discovery_methods={value}&auth_types={value}&user_configuration={value}&categories={value}&not_categories={0|1}&confirmed_severities={value}&potential_vulnerabilities={value}&ig_severities={value}&vendor_ids={value}&not_vendor_ids={0|1}&products={value}&not_products={0|1}&cvss_base={value}&cvss_base_operand={1|2}&cvss_temp={value}&cvss_temp_operand={1|2}&cvss_access_vector={value}&cvss3_base={value}&cvss3_base_operand={1|2}&cvss3_temp={value}&cvss3_temp_operand={1|2}&cvss_access_vector={value}&patch_available={0|1}&virtual_patch_available={0|1}&cve_ids={value}&not_cve_ids={0|1}&exploitability={value}&malware_associated={value}&vendor_refs={value}&not_vendor_refs={0|1}&bugtraq_id={value}&not_bugtraq_id={0|1}&vuln_details={value}&compliance_details={value}&compliance_types={value}&qualys_top_lists={value}&qids_not_exploitable={0|1}&non_running_services={0|1}&sans_20={0|1}&nac_nam={0|1}&vuln_provider={0|1}&user_modified_date_between={value}&user_modified_date_today={0|1}&user_modified_date_in_previous={value}&user_modified_date_within_last_days={value}&not_user_modified={0|1}&service_modified_date_between={value}&service_modified_date_today={0|1}&service_modified_date_in_previous={value}&service_modified_date_within_last_days={value}&not_service_modified={0|1}&published_date_between={value}&published_date_today={0|1}&published_date_in_previous={value}&published_date_within_last_days={value}&not_published={0|1}&supported_modules={value}&

Sample of Base Command Execution Results
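
The base command above with the cve_ids criterion filled in for both Struts CVEs, as an added example that is not part of the original document. QUALYS_API and QUALYS_USER are assumed environment variable names, and the title and comment values are constructed samples.

```shell
#!/bin/sh
# Added example: compose the dynamic search list request from the base command,
# percent-encoding each value so free text cannot inject extra parameters.

# Percent-encode one parameter value (unreserved characters and commas kept).
urlencode() {
  s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}          # everything after the first character
    c=${s%"$rest"}       # the first character itself
    case $c in
      [A-Za-z0-9._~,-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s' "$out"
}

# Build the create URL. $1 = title, $2 = comma-separated CVE IDs,
# $3 = optional comment. QUALYS_API selects the platform URL (assumed name).
search_list_url() {
  base=${QUALYS_API:-https://qualysapi.qualys.com}
  url="$base/api/2.0/fo/qid/search_list/dynamic/?action=create&echo_request=1&global=1"
  url="$url&title=$(urlencode "$1")&cve_ids=$(urlencode "$2")"
  if [ -n "${3:-}" ]; then
    url="$url&comments=$(urlencode "$3")"
  fi
  printf '%s' "$url"
}

# Send the request. Giving curl only the user name makes it prompt for the
# password, which keeps the password out of shell history and the process list.
create_search_list() {
  curl -u "$QUALYS_USER" -H "X-Requested-With: Curl" -X POST \
    "$(search_list_url "$@")"
}

# Print the URL that would be requested (no network access).
search_list_url "Apache_Struts_RCE" "CVE-2017-5638,CVE-2018-11776" "Struts RCE tracking"
echo
```

Call create_search_list with the same three arguments to submit the request against the platform URL that matches your account.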

Criteria for a Static QID Search List (POST)

 

Base cURL CMD String

curl -u "USERID:PASSWORD" -H "X-Requested-With:Curl" -X "POST" "https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/static/?action=create&echo_request=1&global=1&title=Apache_Struts2_Namespace_RCE-QIDs&qids=13251,371151,226008&{add your preferred criteria here}"

Additional APIv2 Criteria

&title={value}&qids={num1,num2…}&comments={value}&

Sample of Base Command Execution Results

Criteria for a Scan Report Template (POST)

 

Base cURL CMD String

curl -u "USERID:PASSWORD" -H "X-Requested-With:Curl" -X "POST" "https://qualysapi.qualys.com/api/2.0/fo/report/template/scan/?action=create&echo_request=1&global=1&report_format=xml&owner={value}&title=RPT-Apache_Struts2_Namespace_RCE&owner=user_id&{add your preferred criteria here}"

Additional APIv2 Criteria

Target

scan_selection={HostBased|ScanBased}&include_trending={0|1}&limit_timeframe={0|1}&selection_type={day|month|weeks|date|none|scans}&selection_range={1|3|5|7|15|30|60|90}&asset_groups={value}&asset_group_ids={value}&network={value}&ips={value}xml}&tag_set_by={name|id}&tag_include_selector={ALL|ANY}&tag_set_include={value}&tag_exclude_selector={ALL|ANY}&tag_set_exclude={value}&host_with_cloud_agents={all|scan|agent}&display_text_summary={0|1}&graph_business_risk={0|1}&graph_vuln_over_time={0|1}&graph_status={0|1}&graph_potential_status={0|1}&graph_severity={0|1}&

Display

graph_potential_severity={0|1}&graph_ig_severity={0|1}&graph_top_categories={0|1}&graph_top_vulns={0|1}&graph_os={0|1}&graph_services={0|1}&graph_top_ports={0|1}&display_custom_footer={0|1}&display_custom_footer_text={value}&sort_by={host|vuln|os|group|service|port}&cvss={all|cvssv2|cvssv3}&host_details={0|1}&metadata_ec2_instances={0|1}&include_text_summary={0|1}&include_vuln_details={0|1}&include_vuln_details_threat={0|1}&include_vuln_details_impact={0|1}&include_vuln_details_solution={0|1}&include_vuln_details_vpatch={0|1}&include_vuln_details_compliance={0|1}&include_vuln_details_exploit={0|1}&include_vuln_details_malware={0|1}&include_vuln_details_results={0|1}&include_vuln_details_reopened={0|1}&include_vuln_details_appendix={0|1}&exclude_account_id={0|1}&

 

Filters

selective_vulns={complete|custom}&search_list_ids={value}&exclude_qid_option={0|1}&exclude_search_list_ids={value}&included_os={value}&status_new={0|1}&status_active={0|1}&status_reopen={0|1}&status_fixed={0|1}&vuln_active={0|1}&vuln_disabled={0|1}&vuln_ignored={0|1}&potential_active={0|1}&potential_disabled={0|1}&potential_ignored={0|1}&ig_active={0|1}&ig_disabled={0|1}&ig_ignored={0|1}&display_non_running_kernels={0|1}&exclude_non_running_kernel={0|1}&exclude_non_running_services={0|1}&exclude_qids_not_exploitable_due_to_configuration={0|1}&exclude_superceded_patches={0|1}&categories_list={value}&

Services and Ports

required_services={value}&unauthorized_services={value}&required_ports={value}&unauthorized_ports={value}&

 

User Access

global={0|1}&report_access_users={value}&

Sample of Base Command Execution Results

 

 

Detect and Block the Struts Critical Vulnerability CVE-2017-5638

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

 
