Apache Struts 2 vulnerability and Live Assist software (CVE-2017-5638)

We have been made aware of serious vulnerability with Apache struts 2.

 

The vulnerability summary:

 

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

 

More details at: 

 

CafêX does not use Apache Struts 2 and is not vulnerable to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638

 

If you require further information please contact Customer Support.