cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
204
Views
5
Helpful
1
Replies
Highlighted
Beginner

CSCvn18917 - Evaluation of ncs for Apache Struts Commons FileUpload RCE - 1

Hi,

 

We are using Cisco Prime Infrastructure 3.4.0 with Maintenance release of 3.4.1

This version is affected by vulnerability CVE-2016-1000031 - Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability having cisco bug ID CSCvn18917

As per below link, the vulnerability was to be mitigated in Cisco Prime 3.4.1 Update 02


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-struts-commons-fileupload

But when I read release notes, this bug ID or this vulnerability is not mentioned.

Please let me know if this bug has been fixed or not. If yes, then in which update?

Thank you

 

Rgds,

Sanket Narkhede

 

 

1 REPLY 1

Re: CSCvn18917 - Evaluation of ncs for Apache Struts Commons FileUpload RCE - 1

Hi,

Seems there was a correction:

3.3.1 Update 04 (Feb 2019)
3.4.1 Update 03 (Mar 2019)
3.5 (Dec 2018)

 

But Update 03 is still not available

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards