search cancel

Is APM Affected by the Apache Struts 2 CVE-2017-5638 vulnerability?


Article ID: 6207


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope) INTROSCOPE


    The CVE-2017-5638 vulnerability was recently detected for the Apache Struts library: . Does this vulnerability affect any version of APM?


All supported versions of APM (up to release APM 10.5.1).


     The CVE-2017-5638 vulnerability report describes two Struts 2 framework classes which allow for the vulnerability (specifically the and classes).

APM currently makes use of the Struts 1.1, Struts 1.2.7 and Struts-menu2.3 frameworks, which do not make use the affected classes. The Struts-menu 2.3 library(though v2.3) is an independent library and the classes affected are not available in any Struts 1.x framework. Therefore APM is not affected by this vulnerability.

Additional Information

     As always, please contact CA Support if you have any further questions.