Apache Struts 2 vulnerability CVE-2017-5638 and SSO Agent for SharePoint

Document ID : KB000013755
Last Modified Date : 14/02/2018
Introduction:

A vulnerability in Apache Struts 2 was reported under CVE-2017-5638:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

 

Question:

Is SSO Agent for SharePoint impacted by the Struts 2 vulnerability reported under CVE-2017-5638?

Environment:

R12.52 SP1 all CRs

Answer:

SSO Agent for SharePoint is not impacted by the Struts 2 vulnerability reported under CVE-2017-5638.

Please use the following documentation links as a reference. 

 

R12.52 SP1 CRx

https://docops.ca.com/ca-single-sign-on-agent-for-sharepoint/12-52-sp1/en/third-party-software-acknowledgements

Struts 1.2.9 is used.
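
The following is an added example, not part of the original article or the vendor's tooling: a Python check that applies the affected ranges quoted in the introduction to Struts jar filenames found in a deployment. The jar naming patterns (`struts2-core-<version>.jar`, `struts-<version>.jar`) and the sample filenames are assumptions constructed for illustration.

```python
import re

# Affected branches as stated in the CVE text quoted above:
# branch (major, minor) -> first fixed version on that branch.
FIRST_FIXED = {
    (2, 3): (2, 3, 32),
    (2, 5): (2, 5, 10, 1),
}

# Assumed jar naming: struts2-core-<ver>.jar (Struts 2), struts-<ver>.jar (Struts 1).
JAR_RE = re.compile(r"^(?:struts2-core|struts)-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '2.5.10.1' into (2, 5, 10, 1)."""
    return tuple(int(part) for part in text.split("."))


def _pad(version, width):
    """Right-pad with zeros so 2.5.10 compares as 2.5.10.0."""
    return version + (0,) * (width - len(version))


def classify_version(version):
    """Return 'affected', 'fixed' or 'outside-listed-branches'.

    'outside-listed-branches' only means the CVE text quoted above does not
    list that branch (for example Struts 1.x); it is not a general verdict.
    """
    fixed = FIRST_FIXED.get(version[:2])
    if fixed is None:
        return "outside-listed-branches"
    width = max(len(version), len(fixed))
    return "affected" if _pad(version, width) < _pad(fixed, width) else "fixed"


def scan(filenames):
    """Map each recognised Struts jar filename to its classification."""
    results = {}
    for name in filenames:
        match = JAR_RE.match(name)
        if match:
            results[name] = classify_version(parse_version(match.group(1)))
    return results


# Constructed sample of a lib directory listing.
SAMPLE = ["struts-1.2.9.jar", "struts2-core-2.3.31.jar",
          "struts2-core-2.5.10.jar", "struts2-core-2.5.10.1.jar", "log4j-1.2.17.jar"]

if __name__ == "__main__":
    for jar, status in scan(SAMPLE).items():
        print(f"{jar}: {status}")
```
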