==================================================================== CERT-Renater Note d'Information No. 2017/VULN248 _____________________________________________________________________ DATE : 08/09/2017 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Cisco products incorporating Apache Struts 2. ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 ____________________________________________________________________ Cisco Security Advisory: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 Advisory ID: cisco-sa-20170907-struts2 Revision: 1.0 For Public Release: 2017 September 7 21:00 GMT Last Updated: 2017 September 7 21:00 GMT CVE ID(s): CVE-2017-9793, CVE-2017-9804, CVE-2017-9805 +--------------------------------------------------------------------- Summary ======= On September 5, 2017, the Apache Software Foundation released security bulletins that disclose three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one as Medium Severity, and one as Low Severity. For more information about the vulnerabilities, refer to the Details ["#details"] section of this advisory. Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by these vulnerabilities. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"] ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================