Struts2 vulnerabilities
- Product: Aleph
- Product Version: 20, 21, 22, 23
- Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care
Description
We have been alerted to a significant increase in scanning for a critical vulnerability in Apache Struts2:
https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/
https://threatpost.com/attacks-heating-up-against-apache-struts-2-vulnerability/124183/
Can we confirm that public-facing systems hosted with Ex Libris (Aleph's Apache, Primo, SFX, Verde, MetaLib) are not vulnerable to this attack?
Resolution
The Ex Libris Security Officer has replied: "Ex Libris has been made aware of a recently discovered vulnerability in STRUTS2. THIS VULNERABILITY DOES NOT AFFECT EX LIBRIS PRODUCTS. As a precaution, Ex Libris has blocked the signature for this vulnerability in Ex Libris Cloud and Hosted vulnerability protection systems."
- Article last edited: 12-Mar-2017