Apache Struts 2 vulnerability

Document ID:  TEC1439649
Last Modified Date:  07/17/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Unified Infrastructure Management

Releases

  • CA Unified Infrastructure Management:Release:8.0
  • CA Unified Infrastructure Management:Release:8.1
  • CA Unified Infrastructure Management:Release:8.2
  • CA Unified Infrastructure Management:Release:8.31
  • CA Unified Infrastructure Management:Release:8.4
  • CA Unified Infrastructure Management:Release:8.41
  • CA Unified Infrastructure Management:Release:8.42
  • CA Unified Infrastructure Management:Release:8.47
  • CA Unified Infrastructure Management:Release:8.5
  • CA Unified Infrastructure Management:Release:8.51

Components

  • UNIFIED INFRASTRUCTURE MGMT:CAUIM
  • UIM - UMP:UIMUMP
Introduction:

 

On July 7, 2017 a vulnerability was detected that affects Apache Struts versions 2.3.x.  The following is more information on this vulnerability:

 

 

Question:

Is UIM/UMP vulnerable to the Apache Struts 2 Remote Code Execution Vulnurability?

Answer:

UMP uses Apache Struts version 1.2.  As a result, this vulnerability can be safely ignored for UIM and UMP. This has been verified with development, where they confirmed through the struts-config.xml file located on the UMP server OS Nimsoft\probes\service\wasp\webapps\ROOT\WEB-INF. If you open this file in Notepad, it shows the Apache Struts version of 1.2.

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing