cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
772
Views
5
Helpful
1
Replies

CSCvn18917 - Evaluation of ncs for Apache Struts Commons FileUpload RCE - 1

narkhedesanket
Level 1
Level 1

Hi,

 

We are using Cisco Prime Infrastructure 3.4.0 with Maintenance release of 3.4.1

This version is affected by vulnerability CVE-2016-1000031 - Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability having cisco bug ID CSCvn18917

As per below link, the vulnerability was to be mitigated in Cisco Prime 3.4.1 Update 02


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-struts-commons-fileupload

But when I read release notes, this bug ID or this vulnerability is not mentioned.

Please let me know if this bug has been fixed or not. If yes, then in which update?

Thank you

 

Rgds,

Sanket Narkhede

 

 

1 Reply 1

alois.heilmaier
Level 1
Level 1

Hi,

Seems there was a correction:

3.3.1 Update 04 (Feb 2019)
3.4.1 Update 03 (Mar 2019)
3.5 (Dec 2018)

 

But Update 03 is still not available