Patch/Configuration Management, Vulnerability Management

Oracle patches 7 Apache Struts 2 vulnerabilities


Oracle issued seven security updates to patch vulnerabilities found in Apache Struts 2.

Oracle reported in a security bulletin that these fixes were being issued to its customers in response to the Equifax breach, but that none is related to the issue that allowed the credit monitoring firm to be breached earlier this month, putting 143 million consumers at risk. Oracle said a patch for CVE-2017-5638, which was the offending vulnerability with Equifax, was made available in April.

The vulnerabilities included in this update are CVE-2017-9805, CVE-2017-7672, CVE-2017-9787, CVE-2017-9791, CVE-2017-9793, CVE-2017-9804, and CVE-2017-12611.

Oracle issued details on CVE-2017-9805, which could allow a targeted system to be remotely exploited without user authentication, if left unpatched.

“Oracle strongly recommends that the fixes contained in this Security Alert be applied without delay,” the company said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.