No Riverbed products affected by CVE-2017-5638 -- Apache Struts Remote Control Execution

Categories:

SteelFusion, SteelConnect, Network Performance Management, Digital Experience Management, Cascade, Security, SteelHead

Solution Number:

S30308

Last Modified:

2017-03-24

Issue

Riverbed does not use Apache Struts software, and therefore, Riverbed products are not vulnerable to CVE-2017-5638.

A vulnerability (CVE-2017-5638 aka the Apache Struts vulnerability) has been reported that Apache Struts mishandles file upload, which allows remote attackers to execute arbitrary commands. For more information on this vulnerability, please refer to the following:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638

Please note: To receive real-time updates on this article, please click the Subscribe icon in the upper right corner of this article. Updates will be emailed to you as they are published. For additional information on how to subscribe, see S22384.

Solution

Riverbed does not use Apache Struts software, and therefore, Riverbed products are not vulnerable to CVE-2017-5638.

Related Bugs

280873

Attachments

Related Files

NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.

Can't find an answer? Create a case