Hewlett Packard Enterprise Product Security Vulnerability Alerts
Apache Struts Vulnerability (CVE-2017-9805)
Version 2.0 : Last Updated: September 18th, 2017
This website is updated frequently, as new product information becomes available.
The REST Plugin in Apache Struts2 is using a XStreamHandler with an instance of XStream for deserialization without any type filtering which could lead to Remote Code Execution when deserializing XML payloads. An attacker could use this flaw to execute arbitrary code or conduct further attacks. To learn more about CVE-2017-9805, see the MITRE CVE dictionary and NIST NVD.
Hewlett Packard Enterprise is currently evaluating its products to determine which ones may be impacted by this vulnerability. This list will be updated as new information is received.
|
Usage Instructions and Definitions for CVE Vulnerability Information |
|
|
Data |
Definition |
|
Product Family |
High-level product
description. |
|
Product Name |
Detailed product
description. |
|
CVE-XXXX |
Indicates whether
the specific product is affected by the cited vulnerability. |
|
(Impacted Y/N) |
|
|
If Impacted |
Information
regarding how to address a vulnerability. |
|
Mitigation Info |
|
|
Link to Security Bulletin |
Link to HPE's
Security Bulletin |
Use the following table to find vulnerability information.
|
Product Sub- Category |
Product Name |
impacted |
If Impacted - Mitigation |
Link(s) to security bulletin (PSRT or Vendor) |
|
|
DCIG |
Non-HP
OS |
Debian |
Yes |
Refer to
the patches available at the Oracle website |
|
|
DCIG |
Non-HP OS |
Ubuntu |
Yes |
|
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9805.html |
|
SDCG |
Converged
Systems |
HP
ConvergedSystem 700X for Microsoft (727177-B21) |
Under
Investigation |
|
|
|
SDCG |
Converged Systems |
HP ConvergedSystem 700X v1.1
Microsoft Kit (J0H73A) |
Under Investigation |
|
|
|
SDCG |
Converged
Systems |
HPE
Converged System 700 2.0 Hyper-V |
Under
Investigation |
|
|
|
SDCG |
Converged Systems |
HP Converged System 700 2.0 VMWare |
Under Investigation |
|
|
|
SDCG |
Converged
Systems |
HP
ConvergedSystem 700X for Vmware (721223-B21) |
Under
Investigation |
|
|
|
SDCG |
Converged Systems |
HP ConvergedSystem 700X v1.1 Vmware
Kit (J0H72A) |
Under Investigation |
|
|
|
SDCG |
Converged
Systems |
HPE
Converged Architecture 700 |
Under
Investigation |
|
|
|
DCIG |
Non-HP OS |
Citrix XenServer |
Under Investigation |
|
|
|
DCIG |
Non-HP
OS |
Oracle
Linux |
Under
Investigation |
|
|
|
DCIG |
Non-HP OS |
Solaris |
Under Investigation |
|
|
|
SDCG |
Converged
Systems |
HP
OneView |
No |
|
|
|
SDCG |
Platform Software |
Matrix Recovery Management (MRM) |
No |
|
|
|
DCIG |
Platform
Software |
SPP
Custom Download |
No |
|
|
|
DCIG |
Platform Software |
Service Pack for ProLiant |
No |
|
|
|
DCIG |
Platform
Software |
HPAPM,
HP Apollo Platform Manager |
No |
|
|
|
DCIG |
Platform Software |
SLAPM, HP ProLiant SL Advanced Power
Manager |
No |
|
|
|
DCIG |
Platform
Software |
SL
Chassis Firmware |
No |
|
|
|
DCIG |
Non-HP OS |
SUSE Linux Enterprise Server |
No |
|
|
|
DCIG |
Non-HP
OS |
CentOS |
No |
|
|
|
DCIG |
Platform Software |
System Management Homepage for
Solaris 10 (x86[/x64]) Systems |
No |
|
|
|
DCIG |
Non-HP
OS |
Red Hat
Enterprise Linux |
No |
|
|
|
Networking |
HPE Network |
Smal Medium Business Solutions |
No |
|
|
|
Networking |
Aruba
Network |
Aruba
ClearPass |
No |
|
|
|
DCIG |
Non-HP OS |
HP SSL for OpenVMS |
No |
|
|
|
DCIG |
Platform
Software |
HP
Agentless Mgmt Service for Windows |
No |
|
|
|
SDCG |
Management SW |
OV4VC |
No |
|
|
|
Storage |
3PAR |
3PAR |
No |
|
|