Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products
- SA No:huawei-sa-20170316-01-struts2
- Initial Release Date: Mar 16, 2017
- Last Release Date: Jan 13, 2021
This vulnerability has been assigned a CVE ID: CVE-2017-5638.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170316-01-struts2-en
|
Product Name |
Affected Version |
Resolved Product and Version |
|
AnyOffice |
V200R005C00 |
2.6.1001+2.6.1001.sp1 |
|
SMSGW |
V100R002C01 |
Upgrade to V100R003C01LG3501 |
|
V100R002C11 |
||
|
V100R003C01 |
V100R003C01LG3501 |
|
|
Secospace AntiDDoS8000 |
V100R001C00 |
Upgrade to V500R001SPH001 |
|
V500R001C00 |
V500R001SPH001 |
|
|
V500R001C20 |
||
|
eSpace ECS |
V200R002C00 |
Upgrade to V300R001C00SPC207 |
|
V200R003C00 |
||
|
V200R003C10 |
||
|
V300R001C00 |
V300R001C00SPC207 |
|
|
iManager NetEco |
V600R007C11 |
Upgrade to V600R008C10SPC210 |
|
V600R007C50 |
||
|
V600R007C60 |
Upgrade to V600R007C90SPC310 |
|
|
V600R008C00 |
Upgrade to V600R008C10SPC210 |
|
|
V600R008C10 |
V600R008C10SPC210 |
|
|
V600R008C20 |
V600R008C20SPC100 |
|
|
iManager NetEco 6000 |
V600R007C80 |
Upgrade to V600R007C90SPC310 |
|
V600R007C90 |
V600R007C90SPC310 |
|
|
V600R007C91 |
V600R007C91SPC100 |
|
|
OceanStor 9000
|
V100R001C01 |
V300R006C00SPC200
|
|
V300R005C00 |
||
|
V100R001C30 |
||
|
V300R006C00 |
||
|
OceanStor 18500/18800/18800F/HVS85T/HVS88T |
V100R001 |
V100R001C30SPH206 |
|
eAFE310 |
V100R004C00 |
V100R004C10SPC322 |
|
V100R004C10 |
||
|
eAPP610 |
V100R003C00 |
V100R005C10SPC210 |
|
V100R004C00 |
||
|
V100R004C10 |
||
|
eUDC660 |
V100R004C00V100R005C10SPC210 |
V100R005C10SPC210 |
|
V100R004C10 |
Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 9.1 (E:F/RL:O/RC:C)
An attacker can access the vulnerable products by network.
Vulnerability details:
An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value.
AnyOffice:
Scenario 1: AnyOffice deployed in Linux
1. Log in to the Service Controller (SC) as user anyofficeuser and access the related directory.
cd /usr/local/anyoffice/sc/mdmserver/webapps/MDMServer/WEB-INF
2. Back up web.xml:
cp web.xml web.xml.bak
3. Modify configuration file web.xml and save it.
a. Comment out the following code.
<!--
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
b. Add the following code below the commented code.
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/aeResponseAction!getCert.action</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/aeOnlineCheckAction!checkOnLine.action</url-pattern>
</filter-mapping>
c. Save web.xml.
4. Restart the MDM service.
cd /usr/local/anyoffice/sc/mdmserver
sh ServerStop.sh
sh ServerStart.sh
Scenario 2: AnyOffice deployed in Windows
1. Log in to the SC as Administrator and access the following directory.
C:Program FilesAnyOfficescmdmserverwebappsMDMServerWEB-INF
2. Create a backup file web.xml.bak for web.xml.
3. Modify configuration file web.xml and save it.
a. Comment out the following code.
<!--
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
b. Add the following code below the commented code.
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/aeResponseAction!getCert.action</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/aeOnlineCheckAction!checkOnLine.action</url-pattern>
</filter-mapping>
c. Save web.xml.
4. Access the Service page to restart MDM_Service.
OMP9360:
Scenario 1: OMP9360 V100R001C10
On the OMP9360 portal server:
1. Access the following directory.
/home/ompptlapp/tomcat/webapps/omp/WEB-INF/classes/conf/i18n/
2. Add the following information into files messages_en_US.properties and messages_zh_CN.properties.
struts.messages.upload.error.InvalidContentTypeException=1
3. Run the following command to restart the related process.
su ompptlapp -c "stopapp;startapp;"
4. Access the following directory.
/home/ompcslapp/tomcat/webapps/ompconsole/WEB-INF/classes/conf/i18n/
5. Add the following information into files messages_en_US.properties and messages_zh_CN.properties.
struts.messages.upload.error.InvalidContentTypeException=1
6. Run the following command to restart the related process.
su ompcslapp -c "stopapp;startapp;"
On the OMP9360 analysis server:
1. Access the following directory.
/opt/hwomp/tomcat/webapps/ROOT/WEB-INF/classes
2. Add the following information into files messages_en_US.properties and messages_zh_CN.properties.
struts.messages.upload.error.InvalidContentTypeException=1
On the OMP9360 Adapter API server
1. Access the following directory.
/opt/hwomp/adapter/tomcat/webapps/OMP_Adapter/WEB-INF/classes
2. Add information as follows in file struts.xml:
…
<constant name="struts.objectFactory" value="org.apache.struts2.spring.StrutsSpringObjectFactory" />
<constant name="struts.custom.i18n.resources" value="global" /> #Added information:
<package name="Login" extends="struts-default">
…
3. Access the following directory.
/opt/hwomp/adapter/tomcat/webapps/OMP_Adapter/WEB-INF/classes
4. Create blank file global.properties and add the following information to it.
struts.messages.upload.error.InvalidContentTypeException=1
5. Run the following commands to change file properties.
chown hwomp:hwomp global.properties
chmod 644 global.properties
6. Restart the related process to make the modification take effect.
cd /opt/hacs/bin/
./stop.sh
./start.sh
Scenario 2: OMP9360 V100R001C20 or OMP9360 V100R001C30
On the OMP9360 analysis server:
1. Access the following directory.
/opt/OMP9360/workshop/webpmu/analysis/ROOT/WEB-INF/classes/
2. Add the following information into files messageResources_en_US.properties and messageResources_zh_CN.properties.
struts.messages.upload.error.InvalidContentTypeException=1
Customers can deploy Huawei NGFWs (Next Generation Firewall) or data center firewalls, and upgrade the IPS signature database to the latest version (IPS_H20011000_2017030703) released on March 7, 2017 to detect and defend against the vulnerability exploits initiated from the Internet.
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.
2021-01-13 V1.4 UPDATED Updated the "Software Versions and Fixes" section;
2020-06-24 V1.3 UPDATED Updated the "Software Versions and Fixes" section;
2017-04-20 V1.2 UPDATED Assigned a CVE ID(CVE-2017-5638) to the vulnerability; Updated the "Software Versions and Fixes" section;
2017-03-18 V1.1 UPDATED Updated the "Software Versions and Fixes" section; Updated the information in "Temporary Fixes";
2017-03-16 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
