Number: AV17-133
Date: 06 September 2017
Purpose
The purpose of this advisory is to bring attention to the recently released critical security updates for Apache Struts.
Assessment
Apache has released Struts 2.3.34 and 2.5.13 which contains security fixes to address critical vulnerabilities and other vulnerabilities in their software.
Versions affected:
Apache Struts 2.3.x, versions 2.1.2 to 2.3.33
Apache Struts 2.5.x, versions 2.5 to 2.5.12
CVE References: CVE-2017-9793, CVE-2017-9804, CVE-2017-9805
Suggested Action
CCIRC recommends that system administrators refer to the linked security bulletin where Apache outlines the updates that remediate these vulnerabilities.
References: