Is the SWG vulnerable to new Apache Struts2 vulnerability - CVE-2017-5638?
Updated On:21-03-2017 22:26
On March 6th, a new remote code execution (RCE) vulnerability in Apache Struts 2 was made public.
This recent vulnerability, CVE-2017-5638, allows a remote attacker to inject operating system commands into a web application through the “Content-Type” header. Written in Java, Apache Struts 2 is the popular open source web application framework.
SWG does not use "Struts 2", which is the component identified in the vulnerability.