Posted: 8 Sep 2017 16:17 EDT Last activity: 13 Oct 2017 9:22 EDT
PRPC SMA v7.1.7 Apache Struts Vulnerability
We are using PRPC System Management version 7.1.7 and there are some vulnerabilities known for Apache Struts in this current version:
The vulnerability is a programming blunder that resides in the way Struts processes data from an untrusted source. Specifically, Struts REST plugin fails to handle XML payloads while reserializing them properly. All versions of Apache Struts since 2008 (Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12) are affected, leaving all web applications using the framework’s REST plugin vulnerable to remote attackers.
Will updating SMA to version 7.2.2 prevent us from having this issue, since Apache Struts version 2.5.13 already resolves this problem?
The resolution for this issue would be to update Apache Struts to version 2.5.13 or to remove the Struts REST plugin. Can someone help me with this question?
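
One way to check a deployed archive against the version ranges quoted in the post, as an added example that is not part of the original post or of any Pega tooling. It assumes the bundled jars follow the usual `struts2-core-<version>.jar` / `struts2-rest-plugin-<version>.jar` naming under `WEB-INF/lib`; the sample archive is constructed in memory.

```python
import io
import re
import zipfile

# Affected ranges as stated in the post above (inclusive bounds).
AFFECTED = [((2, 1, 2), (2, 3, 33)), ((2, 5), (2, 5, 12))]
# Assumption: jars keep their Maven artifact names inside the archive.
JAR_RE = re.compile(r"(?:^|/)(struts2-(?:core|rest-plugin))-(\d+(?:\.\d+)*)\.jar$")

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def pad(version, width=4):
    # Pad so that 2.5 compares as 2.5.0.0 and 2.5.10.1 keeps its fourth field.
    return tuple(version) + (0,) * (width - len(version))

def is_affected(version):
    v = pad(version)
    return any(pad(lo) <= v <= pad(hi) for lo, hi in AFFECTED)

def scan_archive(fileobj):
    """Return (findings, exposed) for a WAR/ZIP file object.

    exposed is True only when the REST plugin is bundled AND its version
    falls in an affected range; removing the plugin clears the flag.
    """
    findings = {}
    with zipfile.ZipFile(fileobj) as zf:
        for name in zf.namelist():
            match = JAR_RE.search(name)
            if match:
                findings[match.group(1)] = parse_version(match.group(2))
    rest = findings.get("struts2-rest-plugin")
    return findings, rest is not None and is_affected(rest)

def make_sample_war(jar_names):
    """Constructed test archive: empty entries named like bundled jars."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for jar in jar_names:
            zf.writestr("WEB-INF/lib/" + jar, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    war = make_sample_war(["struts2-core-2.3.16.jar",
                           "struts2-rest-plugin-2.3.16.jar"])
    print(scan_archive(war))
```

To scan a real deployment, pass `open(path, "rb")` for the archive to `scan_archive`; archives nested inside an EAR need to be opened one level at a time.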