This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

  • SA No:huawei-sa-20170316-01-struts2
  • Initial Release Date: Mar 16, 2017
  • Last Release Date: Jun 24, 2020

Apache Struts2 released a remote code execution vulnerability in S2-045 on the official website. An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value. (Vulnerability ID: HWPSIRT-2017-03094)
This vulnerability has been assigned a CVE ID: CVE-2017-5638.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170316-01-struts2-en

Product Name

Affected Version

Resolved Product and Version

AnyOffice

V200R005C00

2.6.1001+2.6.1001.sp1

SMSGW

V100R002C01

Upgrade to V100R003C01LG3501

V100R002C11

V100R003C01

V100R003C01LG3501

Secospace AntiDDoS8000

V100R001C00

Upgrade to V500R001SPH001

V500R001C00

V500R001SPH001

V500R001C20

eSpace ECS

V200R002C00

Upgrade to V300R001C00SPC207

V200R003C00

V200R003C10

V300R001C00

V300R001C00SPC207

iManager NetEco

V600R007C11

Upgrade to V600R008C10SPC210

V600R007C50

V600R007C60

Upgrade to V600R007C90SPC310

V600R008C00

Upgrade to V600R008C10SPC210

V600R008C10

V600R008C10SPC210

V600R008C20

V600R008C20SPC100

iManager NetEco 6000

V600R007C80

Upgrade to V600R007C90SPC310

V600R007C90

V600R007C90SPC310

V600R007C91

V600R007C91SPC100

 OceanStor 9000

 

 

 

V100R001C01

  V300R006C00SPC200

 

 

 

V300R005C00

V100R001C30

V300R006C00

 OceanStor 18500/18800/18800F/HVS85T/HVS88T

 V100R001

 V100R001C30SPH206



An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value.
The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).
Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 9.1 (E:F/RL:O/RC:C)
This vulnerability can be exploited only when the following conditions are present:
An attacker can access the vulnerable products by network.
Vulnerability details:
An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value.

AnyOffice:

Scenario 1: AnyOffice deployed in Linux

1. Log in to the Service Controller (SC) as user anyofficeuser and access the related directory.

cd /usr/local/anyoffice/sc/mdmserver/webapps/MDMServer/WEB-INF

2. Back up web.xml:

cp web.xml web.xml.bak

3. Modify configuration file web.xml and save it.

a. Comment out the following code.

<!--

<filter-mapping>

<filter-name>struts2</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

-->

b. Add the following code below the commented code.

<filter-mapping>

<filter-name>struts2</filter-name>

<url-pattern>/aeResponseAction!getCert.action</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>struts2</filter-name>

<url-pattern>/aeOnlineCheckAction!checkOnLine.action</url-pattern>

</filter-mapping>

c. Save web.xml.

4. Restart the MDM service.

cd /usr/local/anyoffice/sc/mdmserver

sh ServerStop.sh

sh ServerStart.sh


Scenario 2: AnyOffice deployed in Windows

1. Log in to the SC as Administrator and access the following directory.

C:Program FilesAnyOfficescmdmserverwebappsMDMServerWEB-INF

2. Create a backup file web.xml.bak for web.xml.

3. Modify configuration file web.xml and save it.

a. Comment out the following code.

<!--

<filter-mapping>

<filter-name>struts2</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

-->

b. Add the following code below the commented code.

<filter-mapping>

<filter-name>struts2</filter-name>

<url-pattern>/aeResponseAction!getCert.action</url-pattern>

</filter-mapping>

<filter-mapping>

<filter-name>struts2</filter-name>

<url-pattern>/aeOnlineCheckAction!checkOnLine.action</url-pattern>

</filter-mapping>

c. Save web.xml.

4. Access the Service page to restart MDM_Service.



OMP9360:

Scenario 1: OMP9360 V100R001C10

On the OMP9360 portal server:

1. Access the following directory.

/home/ompptlapp/tomcat/webapps/omp/WEB-INF/classes/conf/i18n/

2. Add the following information into files messages_en_US.properties and messages_zh_CN.properties.

struts.messages.upload.error.InvalidContentTypeException=1

3. Run the following command to restart the related process.

su ompptlapp -c "stopapp;startapp;"

4. Access the following directory.

/home/ompcslapp/tomcat/webapps/ompconsole/WEB-INF/classes/conf/i18n/

5. Add the following information into files messages_en_US.properties and messages_zh_CN.properties.

struts.messages.upload.error.InvalidContentTypeException=1

6. Run the following command to restart the related process.

su ompcslapp -c "stopapp;startapp;"

On the OMP9360 analysis server:

1. Access the following directory.

/opt/hwomp/tomcat/webapps/ROOT/WEB-INF/classes

2. Add the following information into files messages_en_US.properties and messages_zh_CN.properties.

struts.messages.upload.error.InvalidContentTypeException=1

On the OMP9360 Adapter API server

1. Access the following directory.

/opt/hwomp/adapter/tomcat/webapps/OMP_Adapter/WEB-INF/classes

2. Add information as follows in file struts.xml:

<constant name="struts.objectFactory" value="org.apache.struts2.spring.StrutsSpringObjectFactory" />

<constant name="struts.custom.i18n.resources" value="global" />  #Added information:

<package name="Login" extends="struts-default">

3. Access the following directory.

/opt/hwomp/adapter/tomcat/webapps/OMP_Adapter/WEB-INF/classes

4. Create blank file global.properties and add the following information to it.

struts.messages.upload.error.InvalidContentTypeException=1

5. Run the following commands to change file properties.

chown hwomp:hwomp global.properties

chmod 644 global.properties

6. Restart the related process to make the modification take effect.

cd /opt/hacs/bin/

./stop.sh

./start.sh


Scenario 2: OMP9360 V100R001C20 or OMP9360 V100R001C30

On the OMP9360 analysis server:

1. Access the following directory.

/opt/OMP9360/workshop/webpmu/analysis/ROOT/WEB-INF/classes/

2. Add the following information into files messageResources_en_US.properties and messageResources_zh_CN.properties.

struts.messages.upload.error.InvalidContentTypeException=1

Customers can deploy Huawei NGFWs (Next Generation Firewall) or data center firewalls, and upgrade the IPS signature database to the latest version (IPS_H20011000_2017030703) released on March 7, 2017 to detect and defend against the vulnerability exploits initiated from the Internet.


Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.

This vulnerability was disclosed in S2-045 on the Apache Struts2 official website.

2020-06-24 V1.3 UPDATED Updated the "Software Versions and Fixes" section;

2017-04-20 V1.2 UPDATED Assigned a CVE ID(CVE-2017-5638) to the vulnerability; Updated the "Software Versions and Fixes" section;
2017-03-18 V1.1 UPDATED Updated the "Software Versions and Fixes" section; Updated the information in "Temporary Fixes";
2017-03-16 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.