STRUTS 2.x Vulnerability - CVE-2017-5638
Updated March 27, 2017
On Sunday, March 19th, 2017, Apache announced a critically rated vulnerability in its Struts 2 framework. This vulnerability permits unauthenticated remote code execution on the Apache server. Vulnerable Struts versions are:
- Apache Struts 2.3.5 - Struts 2.3.31 [3]
- Apache Struts 2.5 - Struts 2.5.10
Later that week, Apache announced a patch for this vulnerability.
What has Ceridian done?
Ceridian performed a review of our Apache systems, looking for these specific versions.
Conclusion:
Based upon that review, Ceridian has concluded it is not vulnerable to the STRUTS 2.x vulnerability.