ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638 Struts2

last person joined: yesterday

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Back to discussions

Expand all | Collapse all

ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638 Struts2

Jump to Best Answer

This thread has been viewed 0 times

1. ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638 Struts2

0 Kudos
AaronV
Posted Mar 20, 2017 04:09 AM

Reply Reply Privately
Regarding this exploit highly recommend to apply and also change all clearpass password afterwards, a similar exploit was released a couple of years ago, allowing unauthentied users to get the etc/password file.

CVE: CVE-2017-5638

Title
=====
Apache Struts Remote Code Execution Vulnerability
Overview
========
An unauthenticated remote code execution vulnerability in the Apache
Struts 2 package has been publicly reported. This advisory details
Aruba's exposure to this vulnerability.

**Aruba Wireless ACMP / ClearPass ACCP / CCNP Professional **
If a reply addresses your issue, please click on the "Accept as Solution" and "Give Kudos"
2. RE: ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638 Struts2
Best Answer

0 Kudos
EMPLOYEE

tarnold
Posted Mar 20, 2017 04:23 AM

Reply Reply Privately
http://community.arubanetworks.com/t5/Security/Clearpass-and-new-struts2-Vulnerability/td-p/290187

Security

ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638 Struts2

1. ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638 Struts2

2. RE: ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638 Struts2 Best Answer

2. RE: ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638 Struts2
Best Answer