Apache Struts 2 vulnerability

Article ID: 15006

Products

DX Infrastructure Management NIMSOFT PROBES

Issue/Introduction

On July 7, 2017, a vulnerability was detected that affects Apache Struts versions 2.3.x. The following is more information on this vulnerability:


Is UIM/UMP vulnerable to the Apache Struts 2 Remote Code Execution Vulnerability?

Environment

Release: CNMSPP99000-8.47-Unified Infrastructure Mgmt-Server Pack-- On Prem
Component:

Resolution

UMP uses Apache Struts version 1.2. As a result, this vulnerability can be safely ignored for UIM and UMP. This has been verified with development, who confirmed it through the struts-config.xml file located on the UMP server OS under Nimsoft\probes\service\wasp\webapps\ROOT\WEB-INF. If you open this file in Notepad, it shows Apache Struts version 1.2.
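
The manual Notepad check above can be repeated across several servers with a script. The following is an added example, not code from this article or from the vendor; it assumes the version is read from the DOCTYPE declaration at the top of the Struts configuration file, and the function names and sample headers are constructed for illustration.

```python
import re
from pathlib import Path

# Public identifier in a Struts configuration DOCTYPE, for example
# "-//Apache Software Foundation//DTD Struts Configuration 1.2//EN"
DOCTYPE_RE = re.compile(
    r'<!DOCTYPE\s+\S+\s+PUBLIC\s+"-//Apache Software Foundation//DTD Struts '
    r'Configuration (\d+)\.(\d+)(?:\.\d+)?//EN"',
    re.IGNORECASE,
)

def declared_struts_dtd(xml_text):
    """Return (major, minor) from the Struts DOCTYPE, or None if absent."""
    m = DOCTYPE_RE.search(xml_text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def struts_generation(version):
    """Map a DTD version to the framework generation it belongs to."""
    if version is None:
        return "unknown"
    # A "Struts 2" result still needs the library version compared with 2.3.x.
    return {1: "Struts 1", 2: "Struts 2"}.get(version[0], "unknown")

def scan_webapp(web_inf):
    """Inspect struts-config.xml (Struts 1) and struts.xml (Struts 2) under a
    directory; returns {path: ((major, minor) or None, generation)}."""
    results = {}
    for name in ("struts-config.xml", "struts.xml"):
        for path in Path(web_inf).rglob(name):
            version = declared_struts_dtd(path.read_text(errors="replace"))
            results[str(path)] = (version, struts_generation(version))
    return results

# Constructed sample headers (not copied from a UMP server).
SAMPLE_STRUTS1 = '''<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts-config PUBLIC
  "-//Apache Software Foundation//DTD Struts Configuration 1.2//EN"
  "http://jakarta.apache.org/struts/dtds/struts-config_1_2.dtd">
<struts-config/>'''
SAMPLE_STRUTS2 = '''<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
  "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
  "http://struts.apache.org/dtds/struts-2.3.dtd">
<struts/>'''

if __name__ == "__main__":
    for label, text in (("sample 1", SAMPLE_STRUTS1), ("sample 2", SAMPLE_STRUTS2)):
        version = declared_struts_dtd(text)
        print(label, version, struts_generation(version))
```

The DOCTYPE states which DTD the configuration was written against, so treat it as supporting evidence and confirm against the Struts JAR shipped in the web application's WEB-INF\lib directory.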