STRUTS 2.x Vulnerability - CVE-2017-5638

Updated March 27, 2017

On Sunday, March 19th, 2017, Apache announced a critically rated vulnerability around its STRUTS 2 Framework. This vulnerability will permit unauthenticated, remote code execution on the Apache server.  Vulnerable Struts versions are:

  • Apache Struts 2.3.5 - Struts 2.3.31 [3]
  • Apache Struts 2.5 - Struts 2.5.10

Apache later that week announced a patch for this vulnerability.

What has Ceridian done?
Ceridian performed a review of our Apache systems looking for these specific versions. 

Based upon that review, Ceridian has concluded it is not vulnerable to the STRUTS 2.x vulnerability. 

Find anything about our product, search our documentation, and more. Enter a query in the search input above, and results will be displayed as you type.