On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one as Medium Severity, and one as Low Severity.

For more information about the vulnerabilities, refer to the Details section of this advisory.

Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by these vulnerabilities.

The following Snort rule can be used to detect possible exploitation of this vulnerability: Snort SID 44315.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

Security Impact Rating: Critical

CVE: CVE-2017-9793,CVE-2017-9804,CVE-2017-9805

Leave a Reply