Apache Struts 2.5.30 Critical Vulnerability Remediation
(Doc ID 2993826.1)
Last updated on DECEMBER 18, 2023
Applies to:
Oracle Documaker - Version 12.7 and later
Information in this document applies to any platform.
Goal
Customer has Documaker 12.7 Front-end Servers with WebSphere WAS 9 for MQ process Control redirection. We also use Liberty for our Linux Batch Server.
We just received information that Apache Struts 2.5.30 has a security vulnerability.
Vulnerability Details: CVE-2023-50164
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Please advise us if we need to take any action from our side.
Solution