I want to know measures for the vulnerability of Apache Struts released by Japan Vulnerability Notes (JVN) on June 7, 2016.

 
The following are the articles of the vulnerability of Apache Struts released by JVN

・Vulnerability that can operate a component on the memory in JVN JVN#03188560 Apache Struts 1
https://jvn.jp/en/jp/JVN03188560/index.html
・Vulnerability on the input value verification function in JVN JVN#65044642 Apache Struts 1
https://jvn.jp/en/jp/JVN65044642/index.html

○When using intra-mart BaseModule/WebPlatform/AppFramework products, obtain the modification patch for these products at the following URL.
http://newsupport.intra-mart.jp/patch/download/patch_info.php?patch_cd=1333 (Japanese)

The application of this patch is intended for the customers performing development with Struts framework in the following version.
・intra-mart BaseModule Ver4.1, Ver4.2, Ver4.3, Ver5.0, Ver5.1
・intra-mart WebPlatform/AppFramework Ver6.0, Ver6.1, Ver7.0, Ver7.1, Ver7.2

*Ver.7.2 is intended for up to patch09. patch10 includes this modification as standard. 
For the released information on the requirement for support for patch10, refer to the following URL.
https://issue.intra-mart.jp/issues/23125

○When intra-mart AccelPlatform products are used
In this case, the intended patch can be downloaded with IM-Juggling.

For details, refer to “Module Patch” in the intra-mart Accel Platform Setup Guide.
Information released on this requirement are available at the following URL.
https://issue.intra-mart.jp/issues/23345

*Postscript on June 13, 2016
For the vulnerability in the following URL released on the same day, we have confirmed that there is no impact on our standard products.

https://jvn.jp/en/jp/JVN74659077/index.html

-- Target ------------------------------------------------------------------------
iWP/Web System Construction Platform/WebPlatform/AppFramework
iAP/Accel Platform/All Updates
--------------------------------------------------------------------------------



FAQID:726
Was this article helpful?
0 out of 0 found this helpful
Powered by Zendesk