STRUTS 2.x Vulnerability - CVE-2017-5638

Corporate
Code of Conduct
Information Security
Privacy
Report Issue
SOC Reports
Customer Funds

Updated March 27, 2017

On Sunday, March 19th, 2017, Apache announced a critically rated vulnerability around its STRUTS 2 Framework. This vulnerability will permit unauthenticated, remote code execution on the Apache server. Vulnerable Struts versions are:

Apache Struts 2.3.5 - Struts 2.3.31 [3]
Apache Struts 2.5 - Struts 2.5.10

Apache later that week announced a patch for this vulnerability.

What has Ceridian done?
Ceridian performed a review of our Apache systems looking for these specific versions.

Conclusion:
Based upon that review, Ceridian has concluded it is not vulnerable to the STRUTS 2.x vulnerability.

Search here

Find anything about our product, search our documentation, and more. Enter a query in the search input above, and results will be displayed as you type.

Dayforce

Enterprise HCM Software

STRUTS 2.x Vulnerability - CVE-2017-5638

Corporate

Code of Conduct

Information Security

Privacy

Report Issue

SOC Reports

Customer Funds