Jira Data Center / JRASERVER-66491

Apache Struts Critical Vulnerability

Details

    • Suggestion
    • Resolution: Answered

    Description

      We have been warned by BTMU about a critical Apache Struts vulnerability (CVE-2017-9805, CVE-2017-9804, CVE-2017-9805).
      As you are aware of the "Apache Struts Critical Vulnerability", all servers with Apache Struts 2.3.x or 2.5.x have to be patched in accordance with Bank Policy (Critical Patch) to minimize the impact of cyber attacks via vulnerabilities. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model–view–controller (MVC) architecture. This vulnerability can let an attacker perform a remote code execution attack when the REST plugin is used (CVE-2017-9805). From September 9, 2017

      Currently we are using Jira version 7.1.4; in this version we found Apache Struts version 2.3.20.

      We need advice on how to fix it. Or, if all issues are not vulnerable to the current Struts issue, please confirm.
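
An added example, not part of the original ticket or any Atlassian tooling: an inventory check that finds Struts 2 jars under an install directory, reads each version from the jar manifest (falling back to the file name), and reports whether the REST plugin named in the description is shipped. The `struts2-*.jar` naming, the `Implementation-Version` manifest field and the sample tree are assumptions of this sketch; being in a 2.3.x or 2.5.x line only marks a jar for review against the advisory.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Release lines the ticket says have to be patched (2.3.x and 2.5.x).
TICKET_LINES = ("2.3.", "2.5.")
# <artifact>-<version>.jar, e.g. struts2-core-2.3.20.jar
JAR_NAME = re.compile(r"^(struts2-[a-z0-9-]+?)-(\d+(?:\.\d+)+)\.jar$")


def manifest_version(jar):
    """Implementation-Version from the jar's manifest, or None if unreadable."""
    try:
        with zipfile.ZipFile(jar) as zf:
            text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile, OSError):
        return None
    hit = re.search(r"^Implementation-Version:\s*(\S+)", text, re.M)
    return hit.group(1) if hit else None


def inventory(root):
    """List Struts 2 jars under root and note whether the REST plugin ships."""
    jars = []
    for jar in sorted(Path(root).rglob("struts2-*.jar")):
        named = JAR_NAME.match(jar.name)
        artifact = named.group(1) if named else jar.stem
        # Prefer the manifest: a jar can be renamed, its manifest rarely is.
        version = manifest_version(jar) or (named.group(2) if named else "unknown")
        jars.append({"artifact": artifact, "version": version,
                     "ticket_line": version.startswith(TICKET_LINES)})
    rest = any(j["artifact"] == "struts2-rest-plugin" for j in jars)
    return {"jars": jars, "rest_plugin_present": rest}


def build_sample(root):
    """Constructed sample tree: one versioned jar, one renamed jar."""
    lib = Path(root, "WEB-INF", "lib")
    lib.mkdir(parents=True)
    for name, ver in (("struts2-core-2.3.20.jar", None), ("struts2-rest-plugin.jar", "2.3.20")):
        with zipfile.ZipFile(lib / name, "w") as zf:
            body = "Manifest-Version: 1.0\r\n"
            body += f"Implementation-Version: {ver}\r\n" if ver else ""
            zf.writestr("META-INF/MANIFEST.MF", body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(inventory(tmp))
```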

            People

              Unassigned
              itthiphon.pattarayuttawatt780350496