Is Data Center Security Server (DCS) product family vulnerable to the Apache Struts (CVE-2017-5638) vulnerability?

Article ID: 164815

Products

Critical System Protection, Data Center Security Monitoring Edition, Critical System Protection Client Edition, Data Center Security Server Advanced

Issue/Introduction

You want to know whether Symantec Data Center Security Server Advanced (DCSSA) or Critical System Protection (SCSP) is vulnerable to the Apache Struts exploit.

Cause

Possible remote code execution when performing file upload based on the Jakarta Multipart parser.

https://cwiki.apache.org/confluence/display/WW/S2-045

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638

Resolution

Neither DCSSA nor SCSP uses the Struts web application framework; therefore, they are not vulnerable to the exploit.