Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)

Summary Apache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12...

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +259 more potentially affected by CVE-2012-4387 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.4)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.2.3 - com.github.psyuhen:struts2-thymeleaf3-plugin =1.0.5.1-RELEASE and more Source cves: CVE-2012-4387 Source advisory: OSV:GHSA-HRGC-54MV-58GV...

CVE-2012-4387

CVE-2012-4387 is an Apache Struts DoS vulnerability: remote attacker can cause CPU exhaustion by sending a long parameter name that is processed as an OGNL expression. The issue affects Struts 2.0.0–2.3.4. In the connected IBM advisories, remediation centers on upgrading IBM Sterling Order Manage...