On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package.
The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.
The Apache Software Foundation classifies the vulnerability as a Medium Severity vulnerability.
For more information about this vulnerability, refer to the Details section of this advisory.
Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by this vulnerability.
The following Snort rules can be used to detect possible exploitation of this vulnerability: Snort SIDs 44327 through 44330.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
Security Impact Rating: Critical