Security Notice - Statement on Remote Code Execution Vulnerability in Apache Struts2
- Initial Release Date: 2016-04-27
- Last Release Date: 2016-05-27
Huawei was notified about security notice S2-032 (CVE-2016-3081) released by Apache Struts2. Huawei immediately launched a thorough investigation.
Huawei has delivered Security Advisory. Customers can get necessary support for product security vulnerabilities through Huawei local technical service. The link of the security advisory is: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en
Customers can deploy Huawei NGFWs (Next Generation Firewall) or data center firewalls, and upgrade the IPS signature database to the latest version IPS_H20011000_2016042700 released on April 27, 2016 to detect and defend against the vulnerability exploits initiated from the Internet.
The following Huawei products Confirmed Vulnerable:
|
Product Name |
Affected Version |
|
Agile Controller-Campus |
V100R002C00 |
|
OceanStor N8500 |
V200R001C09 |
The following Huawei products Confirmed Not Vulnerable:
|
Product Name |
|
eSight Network |
|
FusionInsight HD |
|
MBB&home |
|
Secospace USG6600 |
|
Smartphone |
2016-05-27 V1.1 UPDATED added Security Advisory link
2016-05-03 V1.1 UPDATED added the affected and not affected products list
2016-04-27 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
