Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The Apache Software Foundation classifies the vulnerability as a Medium Severity vulnerability. For more information about this vulnerability, refer to the Details section of this advisory.Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by this vulnerability.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
http://ift.tt/2wgu52C
On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The Apache Software Foundation classifies the vulnerability as a Medium Severity vulnerability. For more information about this vulnerability, refer to the Details section of this advisory.Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by this vulnerability.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
http://ift.tt/2wgu52C
Security Impact Rating: Critical
CVE: CVE-2017-12611
from Cisco Security Advisory http://ift.tt/2wgu52C