Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017

Related Vulnerabilities: CVE-2017-9793   CVE-2017-9804   CVE-2017-9805  

On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one as Medium Severity, and one as Low Severity. For more information about the vulnerabilities, refer to the Details section of this advisory. Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected by these vulnerabilities. The following Snort rule can be used to detect possible exploitation of this vulnerability: Snort SIDs 44315 and 44327 through 44330. This advisory is available at the following link: