Security Notice-Statement on Patch Bypassing of Apache Struts2
- Initial Release Date: Aug 08, 2014
- Last Release Date: Aug 08, 2014
Huawei has noticed that security researchers have found out that the patches for vulnerabilities CVE-2014-0050 and CVE-2014-009 can be bypassed. Huawei has started the investigation on Huawei products.
The investigation has been completed basically and it is confirmed that some Huawei products are affected. Huawei has prepared a fixing plan and started the development and test of fixed versions. Huawei has released an SA, which contains the fix plan and patch information of vulnerable products, the link is at http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm. Please stay tuned the SA.2014-07-25 V1.2 FINAL
2014-07-09 V1.1 UPDATED update investigation status information
2014-04-24 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.
