Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
748
Views
5
Helpful
1
Replies

CSCvn18917 - Evaluation of ncs for Apache Struts Commons FileUpload RCE - 1

narkhedesanket
Level 1
Level 1

‎02-04-2019 05:13 AM

Hi,

 

We are using Cisco Prime Infrastructure 3.4.0 with Maintenance release of 3.4.1

This version is affected by vulnerability CVE-2016-1000031 - Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability having cisco bug ID CSCvn18917

As per below link, the vulnerability was to be mitigated in Cisco Prime 3.4.1 Update 02


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-struts-commons-fileupload

But when I read release notes, this bug ID or this vulnerability is not mentioned.

Please let me know if this bug has been fixed or not. If yes, then in which update?

Thank you

 

Rgds,

Sanket Narkhede

 

 

Labels:
0 Helpful
1 Reply 1

alois.heilmaier
Level 1
Level 1

‎03-29-2019 08:24 AM

Hi,

Seems there was a correction:

3.3.1 Update 04 (Feb 2019)
3.4.1 Update 03 (Mar 2019)
3.5 (Dec 2018)

 

But Update 03 is still not available

Customers Also Viewed These Support Documents