We are using PRPC System Management version 7.1.7 and there are some vulnerabilities known for Apache Struts in this current version:
The vulnerability is a programming blunder that resides in the way Struts processes data from an untrusted source. Specifically, Struts REST plugin fails to handle XML payloads while reserializing them properly. All versions of Apache Struts since 2008 (Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12) are affected, leaving all web applications using the framework’s REST plugin vulnerable to remote attackers.
Will updating SMA to version 7.2.2 prevent us from having this issue, since Apache Struts version 2.5.13 already resolves this problem?
The resolution for this issue would be to update Apache Struts to version 2.5.13 or to remove Struts REST plugin. Can someone help me on this question?
CVE-2017-9804 / s2-050 : SMA does not use the default regex of the URLValidator class
CVE-2017-9793 / s2-051 : SMA does not use REST plugin
CVE-2017-9405 / s2-052 : SMA does not use REST plugin
CVE-2017-12611 / s2-053 : SMA does not use Freemarker
Posted: 6 years ago
Posted: 28 Sep 2017 10:33 EDT
Rodney Jackson (RodneyJ5)
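The thread turns on two conditions: a Struts core version inside the affected ranges quoted above, and the REST plugin being on the classpath. The following is an added example, not code from Pega or from the posters, that checks both against a deployed WAR/EAR. The function names and the sample archives are assumptions made for illustration, and it relies on the jars keeping their standard `struts2-core-<version>.jar` / `struts2-rest-plugin-<version>.jar` names.

```python
import io
import re
import zipfile

# Affected ranges as quoted in the question: 2.1.2 - 2.3.33 and 2.5 - 2.5.12.
AFFECTED = [((2, 1, 2), (2, 3, 33)), ((2, 5, 0), (2, 5, 12))]
JAR_RE = re.compile(r"(?:^|/)struts2-(core|rest-plugin)-(\d+(?:\.\d+){1,3})\.jar$")


def parse_version(text):
    """'2.3.16.3' -> (2, 3, 16); '2.5' -> (2, 5, 0). Only three parts matter here."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def in_affected_range(version):
    return any(low <= version <= high for low, high in AFFECTED)


def audit_archive(archive):
    """Return (core_versions, rest_plugin_present, exposed) for an open ZipFile."""
    core_versions, rest_plugin = set(), False
    for name in archive.namelist():
        match = JAR_RE.search(name)
        if not match:
            continue
        if match.group(1) == "core":
            core_versions.add(parse_version(match.group(2)))
        else:
            rest_plugin = True
    # Exposed only when BOTH conditions hold: affected core and REST plugin bundled.
    exposed = rest_plugin and any(in_affected_range(v) for v in core_versions)
    return sorted(core_versions), rest_plugin, exposed


def build_sample_archive(names):
    """Constructed in-memory archive with empty entries, standing in for a real WAR."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, b"")
    buffer.seek(0)
    return zipfile.ZipFile(buffer)


if __name__ == "__main__":
    sample = build_sample_archive(["WEB-INF/lib/struts2-core-2.3.16.3.jar"])
    print(audit_archive(sample))  # affected core version, but no REST plugin bundled
```

For a real deployment, pass `zipfile.ZipFile("<path to the deployed archive>")` to `audit_archive`; a renamed or shaded jar will not be detected by file name alone.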