Is the R12.52 SP1 Agent for SharePoint (SPS) vulnerable to CVE-2017-5638, and if so, which CRs?

Document ID : KB000015361
Last Modified Date : 14/02/2018
Question:

Is the R12.52 SP1 Agent for SharePoint (SPS) vulnerable to CVE-2017-5638, and if so, which CRs?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638 

Answer:
This vulnerability affects the Jakarta Multipart parser in Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1. The parser mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

The MANIFEST.MF of the Struts library shipped with the agent, quoted below, states that the Struts version is 1.2.9. That version is outside both affected ranges, so we may conclude that SiteMinder is not affected by this CVE.

>Specification-Title: Struts Framework
>Specification-Vendor: The Apache Software Foundation
>Specification-Version: 1.2.9
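
The same check can be scripted for any Struts jar. The following is an added example, not CA or Apache code: it reads `META-INF/MANIFEST.MF` from a jar and compares the declared version against the two affected ranges quoted in this article. The function names and the in-memory sample jar are constructed for illustration, and the caller is assumed to pass the Struts jar itself.

```python
import io
import re
import zipfile

# Affected ranges for CVE-2017-5638 as stated in this article, as
# (branch, first fixed version): 2.3.x before 2.3.32, 2.5.x before 2.5.10.1
AFFECTED = [((2, 3), (2, 3, 32)), ((2, 5), (2, 5, 10, 1))]

def parse_manifest(text):
    """Return main-section headers of a MANIFEST.MF, joining continuation lines."""
    headers, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break  # a blank line ends the main section
        if line.startswith(" ") and last:
            headers[last] += line[1:]  # continuation of the previous header
        elif ":" in line:
            last, value = line.split(":", 1)
            headers[last] = value.strip()
    return headers

def is_affected(version):
    """True if the version falls inside one of the AFFECTED ranges."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    v = tuple(int(n) for n in m.group().split("."))
    return any(v[:2] == branch and v < fixed for branch, fixed in AFFECTED)

def check_jar(jar):
    """jar: path or file-like object. Returns (title, version, affected)."""
    with zipfile.ZipFile(jar) as zf:
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    h = parse_manifest(text)
    version = h.get("Specification-Version") or h.get("Implementation-Version")
    if version is None:
        raise ValueError("manifest carries no version header")
    return h.get("Specification-Title"), version, is_affected(version)

def sample_jar():
    # Constructed in-memory jar holding the manifest lines quoted above.
    manifest = ("Manifest-Version: 1.0\r\n"
                "Specification-Title: Struts Framework\r\n"
                "Specification-Vendor: The Apache Software Foundation\r\n"
                "Specification-Version: 1.2.9\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
    buf.seek(0)
    return buf
```

Calling `check_jar(sample_jar())` returns `("Struts Framework", "1.2.9", False)`; pass a file path instead to check a jar on disk.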
 
