Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20170316-01-STRUTS2
HistoryMar 16, 2017 - 12:00 a.m.

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

2017-03-1600:00:00
Huawei Technologies
www.huawei.com
275

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%

Apache Struts2 released a remote code execution vulnerability in S2-045 on the official website. An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value. (Vulnerability ID: HWPSIRT-2017-03094)
This vulnerability has been assigned a CVE ID: CVE-2017-5638.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170316-01-struts2-en

Affected configurations

Vulners
Node
huaweianyofficeMatchv200r005c00
OR
huaweismsgwMatchv100r002c01
OR
huaweismsgwMatchv100r002c11
OR
huaweismsgwMatchv100r003c01
OR
huaweisecospace_antiddos8000Matchv100r001c00
OR
huaweisecospace_antiddos8000Matchv500r001c00
OR
huaweisecospace_antiddos8000Matchv500r001c20
OR
huaweiespace_8950Matchv200r002c00
OR
huaweiespace_8950Matchv200r003c00
OR
huaweiespace_8950Matchv200r003c10
OR
huaweiespace_8950Matchv300r001c00
OR
huaweiimanager_netecoMatchv600r007c11
OR
huaweiimanager_netecoMatchv600r007c50
OR
huaweiimanager_netecoMatchv600r007c60
OR
huaweiimanager_netecoMatchv600r008c00
OR
huaweiimanager_netecoMatchv600r008c10
OR
huaweiimanager_netecoMatchv600r008c20
OR
huaweiimanager_neteco_6000Matchv600r007c80
OR
huaweiimanager_neteco_6000Matchv600r007c90
OR
huaweiimanager_neteco_6000Matchv600r007c91
OR
huaweioceanstor_9000_firmwareMatchv100r001c01
OR
huaweioceanstor_9000_firmwareMatchv300r005c00
OR
huaweioceanstor_9000_firmwareMatchv100r001c30
OR
huaweioceanstor_9000_firmwareMatchv300r006c00
OR
huaweioceanstor_18500_firmwareMatchv100r001
OR
huawei18800Matchv100r001
OR
huawei18800fMatchv100r001
OR
huaweihvs85tMatchv100r001
OR
huaweihvs88tMatchv100r001
OR
huaweieafe310Matchv100r004c00
OR
huaweieafe310Matchv100r004c10
OR
huaweieapp610Matchv100r003c00
OR
huaweieapp610Matchv100r004c00
OR
huaweieapp610Matchv100r004c10
OR
huaweieudc660Matchv100r004c00v100r005c10spc210
OR
huaweieudc660Matchv100r004c10

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%