The article of the vulnerability of Apache Struts reported by JVN is as follows:
・ JVN JVN#03188560 Apache Struts 1 vulnerability that allows unintended remote operations against components on memory
https://jvn.jp/en/jp/JVN03188560/index.html
・ JVN JVN#65044642 Apache Struts 1 vulnerable to input validation bypass
https://jvn.jp/en/jp/JVN65044642/index.html
○ If you use intra-mart BaseModule/WebPlatform/AppFramework
You can get a patch for this issue on the following webpage.
http://newsupport.intra-mart.jp/patch/download/patch_info.php?patch_cd=1333 (Japanese)
Those who use the Struts framework for development with the following versions need to apply the above-mentioned patch.
・ intra-mart BaseModule Ver4.1 Ver4.2 Ver4.3 Ver5.0 Ver5.1
・ intra-mart WebPlatform/AppFramework Ver6.0 Ver6.1 Ver7.0 Ver7.1 Ver7.2
* For Ver.7.2, patch09 or earlier is in the scope. patch 10 has the correction as default.
A requirement solved in patch10 is disclosed in the following webpage.
https://issue.intra-mart.jp/issues/23125
○ If you are using intra-mart Accel Platform
You can download an appropriate patch for this issue with IM-Juggling.
Please refer to “Patch apply to modules” in intra-mart Accel Platform Setup Guide for the details.
A requirement of the issue is disclosed in the following webpage.
https://issue.intra-mart.jp/issues/23345
* Added on 06/13/2016
For a vulnerability reported on the same day, of which you can check the details in the following webpage, we have confirmed that our standard products are not affected by it.
https://jvn.jp/en/jp/JVN74659077/index.html
-- Target ------------------------------------------------------------------------
iAP/Accel Platform/All Updates
--------------------------------------------------------------------------------
FAQID:608