Does anyone have a fixlet or analysis that can check this Apache vulnerability CVE-2017-5638?

Does anyone have a fixlet or analysis that can check this Apache vulnerability CVE-2017-5638?

It will be helpful if you can tell us which OS you’re looking for.

The vulnerability is cross platform, since Apache Struts is built on Java. See this article. The vulnerability is being exploited on Linux (more so) and Windows (less so). NIST lists all the affected versions of Struts here.

2 Likes

I was just asked to look into this as well.

If you have Inventory, there’s an app on X-Force App Exchange at https://exchange.xforce.ibmcloud.com/hub/extension/781a031ea18ace7304c8b254c31a3690 specific for Struts discovery. Not sure whether this has been incorporated into the default catalog since then.

It’s written to detect CVE-2017-9805 which affects “Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12”. As CVE-2017-5638 affects the subset “2.3.5 - 2.3.31 and 2.5 - 2.5.10”, I expect that fixing CVE-2017-9805 would also correct CVE-2017-5638.

4 Likes

Thanks, will try this on Inventory.
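For endpoints without Inventory, the version ranges quoted in the thread can be checked directly against Struts core JARs on disk. The following is an added example, not code from any poster or from BigFix: it assumes the library keeps its stock `struts2-core-<version>.jar` file name, uses the ranges exactly as quoted above, and all function names are the example's own.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Affected ranges (inclusive) exactly as quoted in the thread above.
AFFECTED = {
    "CVE-2017-5638": [("2.3.5", "2.3.31"), ("2.5", "2.5.10")],
    "CVE-2017-9805": [("2.1.2", "2.3.33"), ("2.5", "2.5.12")],
}
# Assumption: the core library keeps its stock name struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$", re.IGNORECASE)

def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); shorter versions are zero-padded to four parts."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (4 - len(parts))

def cves_for(version):
    """Return the sorted CVE ids whose quoted ranges contain this version."""
    v = parse_version(version)
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges))

def scan_archive(fileobj, label):
    """Yield (location, version, cves) for Struts core JARs in a WAR/EAR, including nested ones."""
    with zipfile.ZipFile(fileobj) as zf:
        for name in zf.namelist():
            m = JAR_RE.search(name)
            if m:
                yield f"{label}!{name}", m.group(1), cves_for(m.group(1))
            elif name.lower().endswith((".war", ".ear")):
                yield from scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}")

def scan_tree(root):
    """Walk a directory for loose Struts JARs and for WAR/EAR files that bundle one."""
    for path in Path(root).rglob("*"):
        m = JAR_RE.search(path.name)
        if m and path.is_file():
            yield str(path), m.group(1), cves_for(m.group(1))
        elif path.is_file() and path.suffix.lower() in (".war", ".ear"):
            try:
                yield from scan_archive(path, str(path))
            except zipfile.BadZipFile:
                continue  # truncated or non-zip file with an archive extension

if __name__ == "__main__":
    for loc, ver, cves in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(loc, ver, ", ".join(cves) or "outside the quoted ranges")
```

Matching on file names misses copies that were renamed or repackaged into a combined JAR, so an empty result does not prove Struts is absent.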