Executive Summary
| Summary | |
|---|---|
| Title | Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017 |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20170909-struts2-rce | First vendor Publication | 2017-09-09 |
| Vendor | Cisco | Last vendor Modification | 2017-09-09 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The Apache Software Foundation classifies the vulnerability as a Medium Severity vulnerability. For more information about this vulnerability, refer to the Details ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce#details"] section of this advisory. Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by this vulnerability. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJZtCUEZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkTQA/9Ho43xJzEYjge+3m3 BZFoLg7LiPBiJmGSC1D66OrygyALwv6+jr/9x1Xctpq2SV1pH0gAXsyBaGLoEj7s BgyW46SClT/1vEV6l5EDQ9fMkaE7NrER9vnSe3P52woEc/isgYKCq8mNS+HVYnQJ gqO9V6AA4OUZSbFwj8fjsqUtW41s/oMSLSHsKyF0nSrqSlQEzDelVzE3cCnOqfTv eGuHvjGamrGvcQx2A0Ajy03rC+/6QS0UfRfApGP8qCV/bJIgJy6w64ySzHv7JAve D4KVYg6VY2jT/fu5p7CHhBFhZI7cIfP/XeWIjW3JX5cLeyN73hBgpCXer5zTG0O3 aiU1f87lWQ1zUlSRAyqzuAI5YBPwwQbVOc0qcsp7AhdUsZycF8+Cgizndy3kDADb qWOieyaXluDqObX30iRB59qCNrhU+eCDhxb9z0/4cDhqZm9rBJQXdkDRWFzDrfqr IAKOBagusDKpp7Oi/Cs/QDyBEPewqoxX2C5+9DXvIbwy5MUWKjj8T4cxDFzV+hC7 AG6bLa+r5sQMWhdieDFfNuqXwQuGDOFXaYoNa3rvqmYQACgha/ep3dtdrcuowAEL m4NaV/2e6RXb2abaA1z0DVXrjETFUp5DxzfdK5AWANdJbH1/WpXpmroAJArAgduf CZWl28Oqso/HJ7j/KsfrAgoHh0Q= =gh8K END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
Alert History
| Date | Informations |
|---|---|
| 2017-09-09 21:22:48 |
|
