SAS Statement Regarding Apache Struts 2 Remote Code Execution Vulnerability CVE-2018-11776

Reference Name: Apache Struts 2 Remote Code Execution Vulnerability
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776
https://cwiki.apache.org/confluence/display/WW/S2-057
Severity: Informational
Status: No action by customers is required


History

8-24-2018 – Assessment completed

Impact

Customer deployments of SAS® are not vulnerable to CVE-2018-11776.

Description

Certain configurations of Apache Struts 2 that use its namespace feature are open to a remote code execution attack.

Solution

August 24, 2018

The custom version of Apache Struts that is managed and delivered by SAS is not vulnerable to this attack because it does not use this particular namespace feature. Contact SAS Technical Support for additional details.
