Lucene search

Huawei TechnologiesHUAWEI-SA-20160527-01-STRUTS2

HistoryMay 27, 2016 - 12:00 a.m.

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

2016-05-2700:00:00

Huawei Technologies

www.huawei.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.975 High

EPSS

Percentile

100.0%

JSON

Apache Struts2 released a remote code execution vulnerability in S2-032 on the official website,when Dynamic Method Invocation (DMI) is enabled, an exploit could allow the attacker to cause remote code execution.(Vulnerability ID: HWPSIRT-2016-04052)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-3081.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en

Affected configurations

Vulners

Node

huaweiagile_controller-campusMatchv100r002c00

huaweianyofficeMatchv200r005c00

huaweianyofficeMatchv200r006c00

huaweifirehunter6000Matchv100r001c20

huaweilogcenterMatchv100r001c10

huaweilogcenterMatchv100r001c20

huaweioceanstor_5300_firmwareMatchv300r001

huawei5500Matchv300r001

huaweioceanstor_5600_v3_firmwareMatchv300r001

huaweioceanstor_5800_v3Matchv300r001

huawei6800Matchv300r001

huaweioceanstor_18500_firmwareMatchv300r001

huaweioceanstor_5800_v3Matchv300r001

huawei18800Matchv300r001

huawei18800fMatchv300r001

huaweioceanstor_5300_firmwareMatchv300r002

huawei5500Matchv300r002

huaweioceanstor_5600_v3_firmwareMatchv300r002

huaweioceanstor_5800_v3Matchv300r002

huawei6800Matchv300r002

huaweioceanstor_18500_firmwareMatchv300r002

huaweioceanstor_5800_v3Matchv300r002

huawei18800Matchv300r002

huawei18800fMatchv300r002

huaweioceanstor_5300_firmwareMatchv300r003c00

huawei5500Matchv300r003c00

huaweioceanstor_5600_v3_firmwareMatchv300r003c00

huaweioceanstor_5800_v3Matchv300r003c00

huawei6800Matchv300r003c00

huaweioceanstor_18500_firmwareMatchv300r003c00

huaweioceanstor_5800_v3Matchv300r003c00

huawei18800Matchv300r003c00

huawei18800fMatchv300r003c00

huaweioceanstor_5300_firmwareMatchv300r003c10

huawei5500Matchv300r003c10

huaweioceanstor_5600_v3_firmwareMatchv300r003c10

huaweioceanstor_5800_v3Matchv300r003c10

huawei6800Matchv300r003c10

huaweioceanstor_18500_firmwareMatchv300r003c10

huaweioceanstor_5800_v3Matchv300r003c10

huawei18800Matchv300r003c10

huawei18800fMatchv300r003c10

huaweioceanstor_9000_firmwareMatchv100r001c01

huaweioceanstor_9000_firmwareMatchv100r001c30

huaweioceanstor_9000_firmwareMatchv300r005c00

huaweioceanstor_ismMatchv200r001c09spc505

huaweioceanstor_ismMatchv200r001c91spc205

huaweioceanstor_ismMatchv200r001c91spc900

huaweioceanstor_ismMatchv200r001c91spc901

huaweioceanstor_ismMatchv100r003c10

CPENameOperatorVersion
agile controller-campuseqV100R002C00
anyofficeeqV200R005C00
anyofficeeqV200R006C00
firehunter6000eqV100R001C20
logcentereqV100R001C10
logcentereqV100R001C20
oceanstor 5300 v3eqV300R001
5500 v3eqV300R001
5600 v3eqV300R001
5800 v3eqV300R001

Name	Operator	Version
agile controller-campus	eq	V100R002C00
anyoffice	eq	V200R005C00
anyoffice	eq	V200R006C00
firehunter6000	eq	V100R001C20
logcenter	eq	V100R001C10
logcenter	eq	V100R001C20
oceanstor 5300 v3	eq	V300R001
5500 v3	eq	V300R001
5600 v3	eq	V300R001
5800 v3	eq	V300R001