On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package.

The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.

The Apache Software Foundation classifies the vulnerability as Medium Severity.

For more information about this vulnerability, refer to the Details section of this advisory.

Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by this vulnerability.

The following Snort rules can be used to detect possible exploitation of this vulnerability: Snort SIDs 44327 through 44330.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce

Security Impact Rating: Critical

CVE: CVE-2017-12611
