
Oracle released patches for its products to fix vulnerabilities inherited from the Apache Struts 2 framework.

The flaw is tracked as CVE-2017-9805, and proof-of-concept (PoC) code for it was published within hours of the patch Apache Struts developers released Sept. 5.


The vulnerability resulted from how Struts deserialized untrusted data, which allowed remote code execution. It affected applications that use the REST plugin with the XStream handler for XML payloads.

Oracle released a list of its products that use Apache Struts and suffered from exposure.


The list includes Oracle’s MySQL Enterprise Monitor, Communications Policy Management, FLEXCUBE Private Banking, Retail XBRi, Siebel, WebLogic Server, and various Financial Services and Insurance products.

The vulnerability exploited in the wild is not the only Apache Struts issue addressed in Oracle products.

Oracle’s latest updates also fix other Struts vulnerabilities resolved by the Apache Software Foundation.

US-CERT also advised users to review Oracle’s security alert and apply the necessary updates.
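Because exposure depends on an application using the REST plugin with the XStream handler, a first triage step is to find which deployed WAR archives bundle that plugin. The following is an added example, not code from Oracle, Apache or this article; the function names are hypothetical, the sample archives are constructed in memory, and the version strings are placeholders.

```python
import io
import re
import zipfile

# Jar file names of the Struts REST plugin and of the XStream library.
REST_PLUGIN = re.compile(r"^WEB-INF/lib/struts2-rest-plugin-([\w.\-]+)\.jar$")
XSTREAM = re.compile(r"^WEB-INF/lib/xstream-([\w.\-]+)\.jar$")


def audit_war(data: bytes) -> dict:
    """Report which of the two libraries a WAR archive bundles."""
    report = {"rest_plugin": None, "xstream": None}
    with zipfile.ZipFile(io.BytesIO(data)) as war:
        for name in war.namelist():
            for key, pattern in (("rest_plugin", REST_PLUGIN), ("xstream", XSTREAM)):
                match = pattern.match(name)
                if match:
                    report[key] = match.group(1)
    # Assumption: the plugin alone warrants review, because XStream can also
    # be supplied from a shared library directory outside the archive.
    report["needs_review"] = report["rest_plugin"] is not None
    return report


def build_sample_war(jars) -> bytes:
    """Constructed input: an in-memory WAR whose jar entries are empty."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        for jar in jars:
            war.writestr("WEB-INF/lib/" + jar, b"")
    return buf.getvalue()


if __name__ == "__main__":
    # Version strings are placeholders, not affected or fixed releases.
    samples = {
        "rest-app.war": ["struts2-core-0.0.0.jar", "struts2-rest-plugin-0.0.0.jar",
                         "xstream-0.0.0.jar"],
        "plain-app.war": ["struts2-core-0.0.0.jar"],
    }
    for name, jars in samples.items():
        print(name, audit_war(build_sample_war(jars)))
```

Compare the reported plugin version of each flagged archive against the vendor advisory before deciding whether it needs the update.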
