Security Notice - Statement on Remote Code Execution Vulnerability in Apache Struts2
- Initial Release Date: Mar 13, 2017
- Last Release Date: Mar 17, 2017
Huawei was notified about security notice S2-045 (CVE-2017-5638) released by Apache Struts2. Huawei immediately launched a thorough investigation.
Huawei has delivered Security Advisory. Customers can get necessary support for product security vulnerabilities through Huawei local technical service. The link of the security advisory is: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170316-01-struts2-en
Customers can deploy Huawei NGFWs (Next Generation Firewall) or data center firewalls, and upgrade the IPS signature database to the latest version IPS_H20011000_2017030703 released on March 7, 2016 to detect and defend against the vulnerability exploits initiated from the Internet.
The following Huawei products Confirmed Vulnerable:
|
Product Name |
Affected Version |
|
AAA |
V300R003C30 V500R005C00 V500R005C10 V500R005C11 V500R005C12 V500R005C13 |
|
AnyOffice |
2.5.0302.0201T 2.5.0501.0290 V200R005C00 |
|
CloudOpera Orchestrator SDN |
V200R001C10 |
|
eLog |
V200R005C00 |
|
eSight Network |
V300R005C00 V300R006C00 |
|
eSpace ECS |
V200R002C00 V200R003C00 V200R003C10 V300R001C00 |
|
iManager N2510 |
V200R015C00 V200R015C10 V200R016C00 V200R017C00 V200R017C10 |
|
iManager NetEco 6000 |
V600R007C80 V600R007C80SPC100 V600R007C80SPC200 V600R007C90 V600R007C90SPC100 V600R007C91 V600R007C91SPC100 |
|
iManager NetEco |
V600R007C11 V600R007C50 V600R007C60SPC100 V600R008C00 V600R008C00SPC100 V600R008C10 V600R008C10SPC100 V600R008C20 |
|
iManager U2000 |
V200R014C50 V200R014C60 V200R015C50 V200R015C60 V200R016C50 V200R016C60 |
|
OceanStor 18500 |
V100R001C00 |
|
OceanStor 9000 |
V100R001C01 V100R001C30 V300R005C00 V300R006C00 |
|
OMP9360 |
V100R001C10 V100R001C20 V100R001C30 |
|
Policy Center |
V100R003C00 V100R003C10 |
|
Secospace AntiDDoS8030 |
V100R001C00 |
|
SMSGW |
V100R002C01 V100R002C11 V100R003C01 |
|
UPortal2800 |
V100R001C10 V100R001C20 V500R001C10 V500R001C20 |
The following Huawei products Confirmed Not Vulnerable:
|
Product Name |
|
eSpace USM |
|
FusionAccess |
|
GENEX Nastar |
|
iManager PRS |
|
iManager U2000-M |
|
iManager U2520 |
|
infracontrol plug-in |
|
NFA2000V |
|
NIP5500 |
|
OceanStor 6900 V3 |
|
OceanStor Backup Software |
|
OceanStor N8500 |
|
OceanStor Onebox |
|
OceanStor S2600T |
|
OceanStor S5500T |
|
OceanStor S5600T |
|
OceanStor S5800T |
|
OceanStor S6800T |
|
OceanStor VTL6900 |
|
RCS9880 |
|
Secospace USG6600 |
|
SIG9800-X16 |
|
UPCC |
2017-03-17 V1.2 UPDATED added Security Advisory link and updated the list
2017-03-14 V1.1 UPDATED updated the affected and not affected products list
2017-03-13 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
