The following are the articles of the vulnerability of Apache Struts released by JVN
・Vulnerability that can operate a component on the memory in JVN JVN#03188560 Apache Struts 1
https://jvn.jp/en/jp/JVN03188560/index.html
・Vulnerability on the input value verification function in JVN JVN#65044642 Apache Struts 1
https://jvn.jp/en/jp/JVN65044642/index.html
○When using intra-mart BaseModule/WebPlatform/AppFramework products, obtain the modification patch for these products at the following URL.
http://newsupport.intra-mart.jp/patch/download/patch_info.php?patch_cd=1333 (Japanese)
The application of this patch is intended for the customers performing development with Struts framework in the following version.
・intra-mart BaseModule Ver4.1, Ver4.2, Ver4.3, Ver5.0, Ver5.1
・intra-mart WebPlatform/AppFramework Ver6.0, Ver6.1, Ver7.0, Ver7.1, Ver7.2
*Ver.7.2 is intended for up to patch09. patch10 includes this modification as standard.
For the released information on the requirement for support for patch10, refer to the following URL.
https://issue.intra-mart.jp/issues/23125
○When intra-mart AccelPlatform products are used
In this case, the intended patch can be downloaded with IM-Juggling.
For details, refer to “Module Patch” in the intra-mart Accel Platform Setup Guide.
Information released on this requirement are available at the following URL.
https://issue.intra-mart.jp/issues/23345
*Postscript on June 13, 2016
For the vulnerability in the following URL released on the same day, we have confirmed that there is no impact on our standard products.
https://jvn.jp/en/jp/JVN74659077/index.html
-- Target ------------------------------------------------------------------------
iWP/Web System Construction Platform/WebPlatform/AppFramework
iAP/Accel Platform/All Updates
--------------------------------------------------------------------------------
FAQID:726