This notice is informational only and does not affect ANY of Paperclip’s services.
On September 6, 2017, the Apache Foundation released information on three seperate vulnerabilities affecting Apache Struts. One of the vulnerabilities (CVE-2017-9805) takes advantage of a weakness in the Struts REST plugin.
Successful exploitation would allow a remote attacker to execute arbitrary code and potentially take control of the system. The following applications/systems are affected by this vulnerability as listed in the Apache Security Bulletin S2-052 description:
- Apache Struts 2.1.2 – Struts 2.3.34
- Apache Struts 2.5 – Struts 2.5.12
Further details regarding this vulnerability can be found on Apache’s website:
Apache Struts Security Bulletin – Critical:
https://cwiki.apache.org/confluence/display/WW/S2-052
http://struts.apache.org/docs/s2-052.html
Apache Struts Vulnerability CVE-2017-9805:
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9805