This question was originally posted on DCIM Support by Steve David on 2017-09-07
Hi All, I have a customer running 7.4.1 and they received the following security vulnerability message.
I've checked the Software Vulnerability Scan page and the Security Fixes page, but CVE-2017-9805 is not listed.
Struts versions 2.5 - 2.5.12 are affected when used in conjunction with the REST plugin.
1. Have you reviewed your environment for exposure to this vulnerability? (yes/no)
2. Have you taken action to fully address the vulnerability? (yes/no)
3. If the vulnerability hasn't been addressed via patching, have you mitigated via other means? (yes/no)
4. Please provide details, including timing, for when the vulnerability will be fully patched or otherwise mitigated.
For more information on the issue:
Can you please advise the course of action needed? Thanks
This answer was originally posted on DCIM Support by Steven Marchetti on 2017-09-07
Please disregard my previous answer. I know why we had no documentation on this and I should have remembered. We don't use Struts. I'm guessing your notification is a false positive.
There are actually a few posts related to Struts:
This comment was originally posted on DCIM Support by Steve David on 2017-09-07
Thanks Steve. If we are not using Apache Struts framework, how can we explain why the system scanned for that vulnerability and detected it?
This comment was originally posted on DCIM Support by Steven Marchetti on 2017-09-07
There are often false positives in scanning; perhaps it's simply checking the wrong thing, I don't know. I can only tell you that the component that would be responsible for this vulnerability does not exist in DCE. Did you ask what was used to scan the system? If it's a VM, did they possibly scan the wrong system?
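One way to test a suspected scanner false positive like the one discussed in this thread is to check the file system for the Struts jars directly. This is an added example, not part of the original posts and not DCE tooling; it assumes the standard Maven file names `struts2-core-<version>.jar` and `struts2-rest-plugin-<version>.jar`, and the function names (`jar_names`, `find_struts`, `assess`) are illustrative.

```python
import re
import sys
import zipfile
from pathlib import Path

# Affected range as quoted in the thread: Struts 2.5 - 2.5.12 with the REST plugin.
AFFECTED_MIN, AFFECTED_MAX = (2, 5, 0), (2, 5, 12)
# Assumption: jars keep their standard Maven artifact file names.
JAR_RE = re.compile(r"^(struts2-core|struts2-rest-plugin)-(\d+(?:\.\d+)*)\.jar$")

def jar_names(root):
    """Yield (file name, location) for loose jars and jars packed in .war/.ear files."""
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.suffix == ".jar":
            yield path.name, str(path)
        elif path.suffix in (".war", ".ear") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                for entry in archive.namelist():
                    if entry.endswith(".jar"):
                        yield entry.rsplit("/", 1)[-1], f"{path}!{entry}"

def find_struts(root):
    """Return {artifact: [(version tuple, location), ...]} for Struts jars under root."""
    found = {"struts2-core": [], "struts2-rest-plugin": []}
    for name, location in jar_names(root):
        match = JAR_RE.match(name)
        if match:
            parts = [int(p) for p in match.group(2).split(".")]
            version = tuple((parts + [0, 0])[:3])  # 2.5 -> (2, 5, 0); 2.5.10.1 -> (2, 5, 10)
            found[match.group(1)].append((version, location))
    return found

def assess(root):
    """Classify a tree as 'not-present', 'exposed' or 'present-review', with the evidence."""
    found = find_struts(root)
    core, rest = found["struts2-core"], found["struts2-rest-plugin"]
    if not core and not rest:
        return "not-present", found
    in_range = any(AFFECTED_MIN <= v <= AFFECTED_MAX for v, _ in core + rest)
    return ("exposed" if rest and in_range else "present-review"), found

if __name__ == "__main__":
    verdict, found = assess(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(verdict)
    for artifact, hits in found.items():
        for version, location in hits:
            print(f"  {artifact} {'.'.join(map(str, version))}  {location}")
```

A `not-present` result supports a false-positive finding only for jars that keep their standard names; renamed or repackaged (shaded) copies would need a check of archive contents instead.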