[HCPUB-2801] Apache Struts 2 Remote Code Execution (CVE-2017-5638) Created: 09/Mar/2017 Updated: 30/Aug/2017 Resolved: 10/Mar/2017
|Fix Version/s:||HCS 2.2.2|
|Labels:||CVE-2017-5638, advisory, advisory-released, injection, rce, security|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Last commented:||1 year, 14 weeks, 2 days ago|
|Last commented by user?:||true|
HipChat Server includes a version of Apache Struts 2 that is vulnerable to remote code execution. Remote network attackers can potentially execute code on vulnerable versions of HipChat Server to:
To exploit this issue, attackers need to have network access to a HipChat Server instance.
We have taken the following steps to address these issues:
For additional details see the full advisory.
|Comment by John Pfeiffer [ 10/Mar/2017 ]|
Fixed in the latest release:
Details of the security advisory: