Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products


Apache Struts2 disclosed a remote code execution vulnerability in security bulletin S2-045 on its official website. An attacker can perform a remote code execution (RCE) attack by sending a malicious Content-Type value. (Vulnerability ID: HWPSIRT-2017-03094) This vulnerability has been assigned the CVE ID CVE-2017-5638. Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: [http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170316-01-struts2-en](http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170316-01-struts2-en)

Affected Software

| Name | Version |
| --- | --- |
| anyoffice | V200R005C00 |
| smsgw | V100R002C01 |
| smsgw | V100R002C11 |
| smsgw | V100R003C01 |
| secospace antiddos8000 | V100R001C00 |
| secospace antiddos8000 | V500R001C00 |
| secospace antiddos8000 | V500R001C20 |
| espace ecs | V200R002C00 |
| espace ecs | V200R003C00 |
| espace ecs | V200R003C10 |
| espace ecs | V300R001C00 |
| imanager neteco | V600R007C11 |
| imanager neteco | V600R007C50 |
| imanager neteco | V600R007C60 |
| imanager neteco | V600R008C00 |
| imanager neteco | V600R008C10 |
| imanager neteco | V600R008C20 |
| imanager neteco 6000 | V600R007C80 |
| imanager neteco 6000 | V600R007C90 |
| imanager neteco 6000 | V600R007C91 |
| oceanstor 9000 | V100R001C01 |
| oceanstor 9000 | V300R005C00 |
| oceanstor 9000 | V100R001C30 |
| oceanstor 9000 | V300R006C00 |
| oceanstor 18500 | V100R001 |
| 18800 | V100R001 |
| 18800f | V100R001 |
| hvs85t | V100R001 |
| hvs88t | V100R001 |
| eafe310 | V100R004C00 |
| eafe310 | V100R004C10 |
| eapp610 | V100R003C00 |
| eapp610 | V100R004C00 |
| eapp610 | V100R004C10 |
| eudc660 | V100R004C00V100R005C10SPC210 |
| eudc660 | V100R004C10 |