Details
-
Suggestion
-
Resolution: Answered
-
None
-
None
-
None
Description
We have been warned from BTMU for critical Apache strut vulnerability (CVE-2017-9805, CVE-2017-9804, CVE-2017-9805 ).
As you are aware of "Apache Struts Critical Vulnerability", All Servers with Apache Struts 2.3.x or 2.5.x. have to be patched along with Bank Policy (Critical Patch) to minimize impact of Cyber attack via vulnerabilities. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model–view–controller (MVC) architecture. This vulnerability can let attacker to perform remote code execution attack when using REST plugin (CVE-2017-9805). From September 9, 2017
Currently we using product Jira version 7.1.4 this version found apache struts version 2.3.20
We need advice and how to fix it. Or, If all issues is not vulnerable to current struts issue please confirm.
Attachments
Issue Links
- details
-
JRASERVER-68443 Update Apache Commons FileUpload library
- Gathering Interest
- mentioned in
-
Page Loading...
- relates to
-
PSR-210 Loading...