>

No Riverbed products affected by CVE-2017-5638 -- Apache Struts Remote Control Execution

Categories: SteelFusion, SteelConnect, SteelCentral NPM, SteelCentral APM, SteelCentral (Cascade), Security, SteelHead
Solution Number: S30308

Issue

Riverbed does not use Apache Struts software, and therefore, Riverbed products are not vulnerable to CVE-2017-5638.

A vulnerability (CVE-2017-5638 aka the Apache Struts vulnerability) has been reported that Apache Struts mishandles file upload, which allows remote attackers to execute arbitrary commands. For more information on this vulnerability, please refer to the following:
Please note: To receive real-time updates on this article, please click the Subscribe icon in the upper right corner of this article. Updates will be emailed to you as they are published. For additional information on how to subscribe, see S22384.

Solution

Riverbed does not use Apache Struts software, and therefore, Riverbed products are not vulnerable to CVE-2017-5638.
NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Last Modified: 2017-03-24
Can't find an answer? Create a case