Security

Reply
Aruba

ClearPass patches: Struts vulnerability : CVE-2014-0094, CVE-2014-0050, CVE-2014-0112, CVE-2014-0113

Hello all,

 

ClearPass fixes for Struts security vulnerabilities are now available for versions 6.1.4, 6.2.6 and 6.3.0/6.3.1  The security vulnerabilities addressed in the patches are CVE-2014-0094, CVE-2014-0050, CVE-2014-0112, CVE-2014-0113.  Please review the attached README document for more information. 

 

Individual patches are available for ClearPass 6.1.4 and 6.2.6. For versions 6.3.1, the fixes are part of the latest cumulative update 6.3.2. There is no separate security patch available for these versions. Users should install the cumulative update 6.3.2 to obtain these fixes. 

 

For ClearPass 6.1.4 and 6.2.6 please review the README for prerequisites before installing the patch. Customers can install the patches from the Software Updates screen in ClearPass UI. The patches are also available for offline download and install from our support site (support.arubanetworks.com) at the following locations. 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor I

Re: ClearPass patches: Struts vulnerability : CVE-2014-0094, CVE-2014-0050, CVE-2014-0112, CVE-2014-

Highly recommend you change all your passwords after you apply the patch, especially if your CPPM is internet facing.  Potiental for unauthenticated users getting all your CPPM password from etc/password file due this exploit.

 

Aruba Partner Network Consultant

**Aruba Wireless ACMP / ClearPass ACCP / CCNP Professional **
If a reply addresses your issue, please click on the "Accept as Solution" and "Give Kudos"

Guru Elite

Re: ClearPass patches: Struts vulnerability : CVE-2014-0094, CVE-2014-0050, CVE-2014-0112, CVE-2014-

These vulnerabilities were patched almost 3 years ago.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: