cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1075
Views
0
Helpful
2
Replies

Fixing Struts2 CVE-2017-5638

llinddahl
Level 1
Level 1

Hi

 

According to relese notes the struts fix apply to ISE 2.1 patch 3

How is it with ISE 2.1 patch 5 should we appy the struts fix also to patch 5 ?

 

From release notes

Download the latest patch available from CCO and install before installing these bundles.
please note that this patch should be installed only on top of latest patch (Not hotfixes).

2.0 Patch 4
2.0.1 Patch 3
2.1 Patch 3
2.2 ( No patches )

 

Kind regards

Lars-Ove

 

2 Replies 2

Rahul Govindan
VIP Alumni
VIP Alumni
I believe the patch is already integrated with 2.1 Patch 4 and above. So if you are using 2.1 patch 5, you do not need to install the patch separately.

Marvin Rhoads
Hall of Fame
Hall of Fame

Confirming what Rahul said - ISE 2.1 Patch 4 resolved the struts vulnerability so any 2.1 system with that patch (or later) does not require the Struts hotfix. (ISE patches are cumulative.)