On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one as Medium Severity, and one as Low Severity.

For more information about the vulnerabilities, refer to the Details section of this advisory.

Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by these vulnerabilities.

The following Snort rule can be used to detect possible exploitation of this vulnerability: Snort SIDs 44315 and 44327 through 44330.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

Security Impact Rating: Critical

CVE: CVE-2017-9793,CVE-2017-9804,CVE-2017-9805

Leave a Reply