
cv-announce-l - [cv-announce-l] Apache Struts 2 Vulnerabilities (CVE-2017-7525 & CVE-2017-15707)

cv-announce-l@list.iu.edu

Subject: cv alerts list

  • From: Andrew K Adams <akadams@psc.edu>
  • To: cv-announce@trustedci.org
  • Subject: [cv-announce-l] Apache Struts 2 Vulnerabilities (CVE-2017-7525 & CVE-2017-15707)
  • Date: Fri, 8 Dec 2017 11:10:34 -0500

CI Operators and CI Developers


Two vulnerabilities [1][2] have been reported with the Apache Struts framework [3][4] that affect versions before 2.5.14.1 when used with the REST plugin.


Summary:

A malicious actor can exploit the more severe of the two vulnerabilities by submitting a specially crafted JSON packet. Once processed by the REST plugin, the actor may be able to execute arbitrary code in the context of the application. Versions of Struts before 2.5.14.1 are affected.


Recommendations:

Upgrade to 2.5.14.1.


References:

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525

[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15707

[3] https://cwiki.apache.org/confluence/display/WW/S2-054

[4] https://cwiki.apache.org/confluence/display/WW/S2-055


How CTSC can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. CTSC cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (http://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.
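
One way to check a deployment against the recommendation above, as an added example that is not part of the original advisory: it walks a directory tree and flags library directories that hold the REST plugin together with any Struts jar older than 2.5.14.1. It assumes jars keep their Maven artifact names (`struts2-core-<version>.jar`, `struts2-rest-plugin-<version>.jar`); the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 5, 14, 1)  # release the advisory recommends upgrading to
# Assumption: jars keep their Maven artifact names and plain numeric versions.
JAR_RE = re.compile(r"^(struts2-core|struts2-rest-plugin)-(\d+(?:\.\d+)*)\.jar$")

def parse_version(text):
    """'2.5.14' -> (2, 5, 14, 0), padded so it sorts below (2, 5, 14, 1)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def audit(root):
    """Map each library directory to the Struts jars found and an 'affected' flag."""
    findings = {}
    for jar in Path(root).rglob("*.jar"):
        m = JAR_RE.match(jar.name)
        if m:
            findings.setdefault(str(jar.parent), {})[m.group(1)] = m.group(2)
    for entry in findings.values():
        oldest = min(parse_version(v) for v in entry.values())
        # Per the advisory: versions before 2.5.14.1, when the REST plugin is in use.
        entry["affected"] = "struts2-rest-plugin" in entry and oldest < FIXED
    return findings

def build_sample_tree(root):
    """Constructed sample layout: three web apps with empty placeholder jars."""
    layout = {
        "app-a/WEB-INF/lib": ["struts2-core-2.5.13.jar",
                              "struts2-rest-plugin-2.5.13.jar"],
        "app-b/WEB-INF/lib": ["struts2-core-2.5.14.1.jar",
                              "struts2-rest-plugin-2.5.14.1.jar"],
        "app-c/WEB-INF/lib": ["struts2-core-2.5.10.jar"],  # no REST plugin
    }
    for rel, names in layout.items():
        lib = Path(root) / rel
        lib.mkdir(parents=True)
        for name in names:
            (lib / name).touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for lib, info in sorted(audit(tmp).items()):
            print("AFFECTED" if info["affected"] else "ok", lib, info)
```

A directory such as `app-c` in the sample is not flagged because the REST plugin is absent, but its old core jar still shows up in the output for follow-up.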



