BSA-2017-428
21351
13 October 2017
08 September 2017
Closed
Low
3.7
N/A
CVE-2017-9804
Summary
Security Advisory ID : BSA-2017-428
Component : Apache Struts
Revision : 2.0: Interim
The previous fix issued with CVE-2017-7672 was incomplete. If an application allows a URL to be entered in a form field and the built-in URLValidator is used, it is possible to prepare a special URL that overloads the server process when the URL is validated. Affected versions: Struts 2.3.7 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12.
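To inventory exposure, the following added example (not part of the original advisory, and not Brocade or Apache code) checks `struts2-core` jar file names against the affected ranges stated above. The sample paths are constructed, and the check assumes the jar keeps its standard `struts2-core-<version>.jar` name.

```python
import re

# Affected ranges exactly as stated in the advisory (inclusive bounds).
AFFECTED_RANGES = [((2, 3, 7), (2, 3, 33)), ((2, 5), (2, 5, 12))]

# Assumption: the jar keeps its standard name, e.g. struts2-core-2.3.32.jar
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")


def _key(version, width=4):
    """Turn '2.5.10.1' into a zero-padded tuple so short and long versions compare."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (width - len(parts))


def is_affected(version):
    """True if the version falls inside a range the advisory lists as affected."""
    v = _key(version)
    return any(
        _key(".".join(map(str, low))) <= v <= _key(".".join(map(str, high)))
        for low, high in AFFECTED_RANGES
    )


def scan(paths):
    """Return (path, version, affected) for every struts2-core jar in paths."""
    findings = []
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            version = match.group(1)
            findings.append((path, version, is_affected(version)))
    return findings


if __name__ == "__main__":
    # Constructed sample input: paths as a file-system walk might return them.
    sample = [
        "/opt/app1/WEB-INF/lib/struts2-core-2.3.32.jar",
        "/opt/app2/WEB-INF/lib/struts2-core-2.5.10.1.jar",
        "/opt/app3/WEB-INF/lib/struts2-core-2.3.34.jar",
        "/opt/app3/WEB-INF/lib/commons-lang3-3.4.jar",
    ]
    for path, version, affected in scan(sample):
        print(f"{'AFFECTED' if affected else 'ok':8} {version:10} {path}")
```

A renamed or shaded jar will not match the file-name pattern, so treat a clean result as a first pass rather than proof of absence.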
Affected Products
Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected product.
Products Confirmed Not Vulnerable
Brocade Fabric OS, Brocade NetIron OS, Brocade Network OS, Brocade ServerIron ADX, Brocade SLX-OS, Brocade Virtual ADX, and Brocade Workflow Composer are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | September 8, 2017 |
2.0 | Updated to address ADX, vADX, & WC | October 13, 2017 |