
Was VersionOne affected by the CVE-2017-5638 Apache Struts Remote Code Execution?

Background


The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 [1] mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017 [2].

Answer

The VersionOne application itself does not use the Apache Struts 2 package, so the application is not impacted.
