
    Struts2 vulnerabilities

     

    • Product: Aleph
    • Product Version: 20, 21, 22, 23
    • Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care

     

    Description

    We have been alerted to a significant increase in scanning for a critical vulnerability in Apache Struts2:

      https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/ 

      https://threatpost.com/attacks-heating-up-against-apache-struts-2-vulnerability/124183/ 

    Can we confirm that public-facing systems hosted with Ex Libris (Aleph's Apache, Primo, SFX, Verde, MetaLib) are not vulnerable to this attack?

    Resolution

    The Ex Libris Security Officer has replied: "Ex Libris has been made aware of a recently discovered vulnerability in STRUTS2. THIS VULNERABILITY DOES NOT AFFECT EX LIBRIS PRODUCTS. As a precaution, Ex Libris has blocked the signature for this vulnerability in Ex Libris Cloud and Hosted vulnerability protection systems."


    • Article last edited: 12-Mar-2017