IBM Support

IBM WebSphere Application Server is not vulnerable to CVE-2017-5638

Flashes (Alerts)


Abstract

IBM WebSphere Application Server is not vulnerable to the Apache Struts 2 vulnerability CVE-2017-5638

Content

IBM WebSphere Application Server in all editions and all platforms is NOT vulnerable to the Apache Struts 2 vulnerability (CVE-2017-5638). The IBM HTTP Server is also not affected.

NOTE: You should check your applications to determine if they are using the vulnerable Apache Struts APIs and update your Apache Struts 2 accordingly. Refer to https://cwiki.apache.org/confluence/display/WW/S2-045

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0;8.5.5;8.5;8.0;7.0","Edition":"Advanced;Base;Developer;Enterprise;Liberty;Network Deployment"},{"Product":{"code":"SSCKBL","label":"WebSphere Application Server Hypervisor Edition"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":""},{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":""},{"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":""}]

Document Information

Modified date:
15 June 2018

UID

swg22000122