Hewlett Packard Enterprise Product Security Vulnerability Alerts
Struts Vulnerability (CVE-2017-5638)
Version 4.0 : Last Updated: September 18th, 2017
This website is updated frequently, as new product information becomes available.
On March 6th, 2017, Apache disclosed a new vulnerability in Apache Struts 2. The vulnerability allows remote code execution when a file upload is handled by the Jakarta multipart parser used in Apache Struts 2. An attacker can send an invalid Content-Type HTTP header as part of the file upload request, which could result in execution of arbitrary code on the vulnerable system. If the flaw is exploited, the attacker can steal critical data and/or take control of the affected system.
Additional information about this vulnerability is available at the NIST website (CVE-2017-5638).
- Resources
- HPE Vulnerability Homepage
- NIST Website
Usage Instructions and Definitions for CVE Vulnerability Information

| Data | Definition |
|---|---|
| Product Family | High-level product description. |
| Product Name | Detailed product description. |
| CVE-XXXX (Impacted Y/N) | Indicates whether the specific product is affected by the cited vulnerability. |
| Impacted Direct/Indirect | Indicates whether the specific product is directly affected by the cited vulnerability or is indirectly affected due to a dependence on a separate, embedded or associated product. |
| If Impacted Mitigation Info | Information regarding how to address a vulnerability. |
| Notes | Miscellaneous information regarding the vulnerability. |
| Link to Security Bulletin | Link to HPE's Security Bulletin |

Use the following table to find vulnerability information.

|  | Product Sub-Category | Product Name | Impacted | If Impacted - Mitigation | Link(s) to security bulletin (PSRT or Vendor) |
|---|---|---|---|---|---|
| CDI | Converged Systems | HP Converged System 700 2.0 VMware | Yes | Under Investigation | |
| CDI | Converged Systems | HP ConvergedSystem 700X for VMware (721223-B21) | Yes | Under Investigation | |
| CDI | Converged Systems | HP ConvergedSystem 700X v1.1 VMware Kit (J0H72A) | Yes | Under Investigation | |
| CDI | Converged Systems | HPE Converged Architecture 700 | Yes | Under Investigation | |
| CDI | Converged Systems | HPE HC380 1.0 | Yes | Under Investigation | http://www.vmware.com/au/security/advisories/VMSA-2017-0004.html |
| CDI | Converged Systems | HC380 1.0 U1 | Yes | Under Investigation | http://www.vmware.com/au/security/advisories/VMSA-2017-0004.html |
| CDI | Converged Systems | HC380 1.1 | Yes | Under Investigation | http://www.vmware.com/au/security/advisories/VMSA-2017-0004.html |
| CDI | Platform Software | Matrix Recovery Management (MRM) | Yes | Under Investigation | |
| Networking | Aruba Network | Aruba ClearPass | Yes | Fix is available to download at http://www.arubanetworks.com | http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt |
| CDI | Converged Systems | HP ConvergedSystem 700X for Microsoft (727177-B21) | Under Investigation | | |
| CDI | Converged Systems | HP ConvergedSystem 700X v1.1 Microsoft Kit (J0H73A) | Under Investigation | | |
| CDI | Converged Systems | HPE Converged System 700 2.0 Hyper-V | Under Investigation | | |
| Networking | HPE Network | Small Medium Business Solutions | Under Investigation | | |
| Servers | Non-HP OS | SUSE Linux Enterprise Server | Under Investigation | | |
| Servers | Non-HP OS | CentOS | Under Investigation | | |
| Servers | Non-HP OS | Citrix XenServer | Under Investigation | | |
| Servers | Non-HP OS | Debian | Under Investigation | | |
| Servers | Platform Software | System Management Homepage for Solaris 10 (x86[/x64]) Systems | Under Investigation | | |
| Servers | Non-HP OS | Oracle Linux | Under Investigation | | |
| Servers | Non-HP OS | Red Hat Enterprise Linux | Under Investigation | | |
| Servers | Non-HP OS | Solaris | Under Investigation | | |
| CDI | Converged Systems | HP Converged System 700 2.0 Foundation | No | | |
| CDI | Converged Systems | HP ConvergedSystem 700X (727178-B21) | No | | |
| CDI | Converged Systems | HP ConvergedSystem 700X v1.1 Foundation Kit (J0H71A) | No | | |
| CDI | Converged Systems | ConvergedSystem100 | No | | |
| CDI | Converged Systems | HP AppSystem for SAP HANA Scale Out 1.2 | No | | |
| CDI | Converged Systems | HP ConvergedSystem 500 for SAP HANA - Single-Node, Scale-up (v2, v3, v4) | No | | |
| CDI | Converged Systems | HP ConvergedSystem 500 for SAP HANA - Scale Out (v2, v3, v4) | No | | |
| CDI | Converged Systems | HP ConvergedSystem 900 for SAP HANA - Scale Out (v2, v4; n/a v3) | No | | |
| CDI | Converged Systems | HP ConvergedSystem 900 for SAP HANA - Scale Up (v2, v3, v4) | No | | |
| CDI | Converged Systems | HP AppSystems for SAP HANA Scale-up Gen 1.0 | No | | |
| CDI | Converged Systems | HP AppSystems for SAP HANA Scale-out Gen 1.0 | No | | |
| CDI | Platform Software | HP Systems Insight Manager (SIM) | No | | |
| CDI | Platform Software | Insight Control for Linux | No | | |
| CDI | Platform Software | Insight Control performance pack (PMP) | No | | |
| CDI | Platform Software | Insight Control server deployment | No | | |
| CDI | Platform Software | Insight Control server migration (SMP, V2V/P2P etc.) | No | | |
| CDI | Platform Software | Insight Control server provisioning (Altair) | No | | |
| CDI | Platform Software | Insight Control Virt/ Virt Machine Mgt (VMM) | No | | |
| CDI | Platform Software | Insight Orchestration | No | | |
| CDI | Platform Software | IS-Installer | No | | |
| CDI | Platform Software | MOE Capacity Advisor | No | | |
| CDI | Platform Software | MOE- global Workforce Load Manager ; gWLM | No | | |
| CDI | Platform Software | SPM (Storage) (SSI Plug-in) | No | | |
| CDI | Platform Software | System Management Homepage for Linux | No | | |
| CDI | Platform Software | System Management Homepage for Windows | No | | |
| CDI | Platform Software | Version Control Agent (Linux) | No | | |
| CDI | Platform Software | Version Control Agent (Windows) | No | | |
| CDI | Platform Software | Version Control Repository Manager | No | | |
| CDI | Platform Software | WMI Mapper* | No | | |
| CDI | Platform Software | Oneview for Virtual Center(OV4VC) | No | | |
| CDI | Converged Systems | Oneview for System center(OV4SC) | No | | |
| CDI | Platform Software | OpsA | No | | |
| CDI | Platform Software | vPV | No | | |
| CDI | Platform Software | vROPS | No | | |
| CDI | Platform Software | LSM Adaptor | No | | |
| CDI | Platform Software | AD, iCAP Mgr, WLM, Vman, VseAssist, MSSW, IS Advisor, IS Installer, MXSYNC, SD Plug-in | No | | |
| CDI | Platform Software | HP Insight Power Management(IPM) | No | | |
| CDI | Platform Software | OO | No | | |
| CDI | Platform Software | Onboard Administrator(OA) | No | | |
| CDI | Platform Software | System Insight Manager (SIM) | No | | |
| Networking | HPE Network | MSM Wireless | No | | |
| Networking | HPE Network | PVOS Legacy | No | | |
| Networking | HPE Network | ProVision Switches | No | | |
| Networking | H3C Network | Comware v5 | No | | |
| Networking | H3C Network | Comware v7 | No | | |
| Networking | H3C Network | Intelligent Management Center (IMC) | No | | |
| Networking | H3C Network | SecBlade SSL VPN (Comware v3) | No | | |
| Networking | H3C Network | Unified Wireless Solutions (Comware V5) | No | | |
| Networking | H3C Network | VoIP (VCX) | No | | |
| Networking | H3C Network | vSwitch | No | | |
| Networking | HPE Network | SDN Applications | No | | |
| Networking | HPE Network | SDN Controller | No | | |
| Networking | H3C Network | HP Small Biz Network (SBN) solutions | No | | |
| Networking | Aruba Network | Aruba Airwave | No | | |
| Networking | Aruba Network | Aruba OS | No | | |
| Servers | Platform Software | HP VMware WBEM Providers | No | | |
| Servers | Platform Software | HP Agentless Mgmt Service for VMware | No | | |
| Servers | Platform Software | HP VMware Utilities | No | | |
| Servers | Platform Software | HP Managed PDU | No | | |
| Servers | Platform Software | HP Monitored PDU | No | | |
| Servers | Power | HP UPS Network Management Card | No | | |
| Servers | Power | HP UPS Power Protector Software | No | | |
| Servers | HP-UX | HP-UX iCAP | No | | |
| Servers | HP-UX | HP-UX VirtProvider | No | | |
| Servers | HP-UX | HP-UX vmProvider | No | | |
| Servers | HP-UX | HP-UX VSMgr | No | | |
| Servers | Platform Software | C-Track | No | | |
| Servers | Platform Software | HP Insight Remote Support (V5 Client) | No | | |
| Servers | Platform Software | HP Insight Remote Support (V7 Client) | No | | |
| Servers | Platform Software | HPRC Client | No | | |
| Servers | Platform Software | HPRC Upload Applet | No | | |
| Servers | Platform Software | Instant Support Personal Edition (ISPE) Mobile App | No | | |
| Servers | Platform Software | Remote Device Access - Instant Customer Access Server (iCAS) | No | | |
| Servers | Platform Software | Remote Device Access - Virtual Customer Access System (vCAS) | No | | |
| Servers | Platform Software | Integrated Management Log Viewer for Windows | No | | |
| Servers | Platform Software | Management Controller Driver for Windows | No | | |
| Servers | Platform Software | HP Insight Management Agents (Linux) | No | | |
| Servers | Platform Software | HP ProLiant Solaris 11 Support Bundle | No | | |
| Servers | Platform Software | HP SNMP Agents for Citrix XenServer | No | | |
| Servers | Platform Software | Management Component Pack CD for dpkg-based distributions | No | | |
| Servers | Platform Software | Management Component Pack for Asianux 4 (i386 and x86_64) | No | | |
| Servers | Platform Software | Management Component Pack for CentOS 5 (i386 and x86_64) | No | | |
| Servers | Platform Software | Management Component Pack for CentOS 6 (i386 and x86_64) | No | | |
| Servers | Platform Software | Management Component Pack for CentOS 7 | No | | |
| Servers | Platform Software | Management Component Pack for Oracle 5[.x] (i386 and x86_64) | No | | |
| Servers | Platform Software | Management Component Pack for Oracle 6.x (x86_64) | No | | |
| Servers | Platform Software | Management Component Pack for Oracle 7.x (x86_64) | No | | |
| Servers | Platform Software | ProLiant Support Pack for Asianux 3 (i386 and x86_64) | No | | |
| Servers | Platform Software | ProLiant Support Pack for Fedora 14 (i386 and x86_64) | No | | |
| Servers | Platform Software | ProLiant Support Pack for openSUSE 11.3 (i386 and x86_64) | No | | |
| Servers | Platform Software | Support Bundle for Oracle Solaris 10 (x86/x64) on ProLiant | No | | |
| Servers | Platform Software | Support Bundle for Oracle Solaris 10 1/13 (x86/x64) on ProLiant | No | | |
| Servers | Platform Software | HP iLO Mobile Application | No | | |
| Servers | HP-UX | HP-UX HIDS | No | | |
| Servers | HP-UX | HP-UX OpenSSL | No | | |
| Servers | Platform Software | HP Insight Management VCEM Web Client SDK | No | | |
| Servers | Platform Software | HP BladeSystem c-Class Virtual Connect Support Utility | No | | |
| Servers | Platform Software | Virtual Connect | No | | |
| Servers | Platform Software | Virtual Connect Enterprise Manager | No | | |
| Servers | Platform Software | HP Integrated Lights Out (iLO) | No | | |
| Servers | Platform Software | SUM | No | | |
| Servers | Platform Software | HP SUT Win/Lin | No | | |
| Servers | Platform Software | HP SUT ESXi | No | | |
| Servers | Platform Software | HP SUM ISO | No | | |
| Servers | Platform Software | HP Intelligent Provisioning | No | | |
| Servers | Integrity | HP Integrity CB900s i2 & i4 Superdome 2 Server | No | | |
| Servers | Integrity | HP Integrity cx2600, cx2620, BL60P, rx1600, rx1620, rx4640, rx5670, rx2600, rx2620, zx2000, zx8000 | No | | |
| Servers | Integrity | HP Integrity rx8640 Server; HP 9000 rp8420 Server; HP Integrity rx7640 Server; HP 9000 rp7420 Server | No | | |
| Servers | Integrity | HP Integrity Superdome X | No | | |
| Servers | Integrity | Integrity BL860c & BL870c | No | | |
| Servers | Integrity | Integrity BL8x0C i2 & i4 | No | | |
| Servers | Integrity | Integrity rx2800 i2 & i4 | No | | |
| Servers | Integrity | Integrity rx6600, rx3600, rx2660 | No | | |
| Servers | DL Platform | Proliant DL785 | No | | |
| Servers | DL Platform | Proliant DL980 G7 Server | No | | |
| Servers | Platform Software | SD 2/SD X OA2 | No | | |
| Servers | Integrity | SD 9000 Superdome OA | No | | |
| Servers | MX990X | MX990X | No | | |
| Servers | Platform Software | HP Insight Management Agents | No | | |
| Servers | Platform Software | HP OpenVMS | No | | |
| Servers | HP-UX | HP-UX KERNEL-PROVIDERS | No | | |
| Servers | HP-UX | HP-UX LVM Providers | No | | |
| Servers | HP-UX | HP-UX NParProvider | No | | |
| Servers | HP-UX | HP-UX NPartition | No | | |
| Servers | HP-UX | HP-UX olosProvider | No | | |
| Servers | HP-UX | HP-UX PartitionManager | No | | |
| Servers | HP-UX | HP-UX ProviderSvcsCore | No | | |
| Servers | HP-UX | HP-UX RAIDSA-PROVIDER | No | | |
| Servers | HP-UX | HP-UX SAS-PROVIDER | No | | |
| Servers | HP-UX | HP-UX SCSI-Provider | No | | |
| Servers | HP-UX | HP-UX SFM-CORE | No | | |
| Servers | HP-UX | HP-UX VParProvider | No | | |
| Servers | HP-UX | HP-UX WBEMP-FCP | No | | |
| Servers | HP-UX | HP-UX WBEMP-FS | No | | |
| Servers | HP-UX | HP-UX WBEMP-IOTreeIP | No | | |
| Servers | HP-UX | HP-UX WBEMP-LAN | No | | |
| Servers | HP-UX | HP-UX WBEMP-Storage | No | | |
| Servers | HP-UX | HP-UX WBEMServices | No | | |
| Servers | Platform Software | System Management Homepage for HPUX | No | | |
| Servers | HP-UX | HP-UX Perl | No | | |
| Servers | HP-UX | HP-UX Apache | No | | |
| Servers | HP-UX | HP-UX Firefox | No | | |
| Servers | HP-UX | HP-UX FTP Client | No | | |
| Servers | HP-UX | HP-UX FTP Server (WU-FTPD) | No | | |
| Servers | HP-UX | HP-UX PHP | No | | |
| Servers | HP-UX | HP-UX Sendmail | No | | |
| Servers | HP-UX | HP-UX Thunderbird | No | | |
| Servers | HP-UX | HP-UX Tomcat | No | | |
| Servers | NonStop | NonStop Application Server for Java | No | | |
| Software | Security Products | ArcSight Logger | No | | |
| Software | Security Products | ArcSight ArcMC | No | | |
| Software | Security Products | ArcSight ESM | No | | |
| Software | Security Products | ArcSight Connectors | No | | |
| Software | Security Products | Enterprise Secure Key Manager (ESKM) - versions 4.x | No | | |
| Software | Security Products | Enterprise Secure Key Manager (ESKM) - versions 5.x | No | | |
| Software | Security Products | Atalla Payments HSM (Axx160 NSP) | No | | |
| Storage | MSA | MSA | No | | |
| Storage | StoreOpen | Automation and Standalone | No | | |
| Storage | LTO Tape Drives | LTO Tape Drives | No | | |
| Storage | XP Storage | HP XP7 Storage System Service Processor | No | | |
| Storage | XP Storage | HP XP P9500 Disk Array Service Processor | No | | |
| Storage | XP Storage | HP XP24000/XP20000 Disk Array Service Processor | No | | |
| Storage | XP Software | HPE Command View Advanced Edition software v8.x | No | | |
| Storage | StoreEasy | StoreEasy | No | | |
| Storage | 3PAR | 3PAR | No | | |
| Storage | StoreAll | StoreAll | No | | |
| Storage | StoreOnce | StoreOnce | No | | |
| Storage | StoreEver | MSL6480 Tape Library | No | | |
| Storage | StoreEver | ESL G3 Tape Library | No | | |
| Storage | StoreEver | MSL 1/8 Autoloader | No | | |
| Storage | StoreEver | MSL G3 Tape Libraries | No | | |
| Storage | StoreEver | Archive Manager | No | | |
| Storage | StoreEver | Archive Migrator | No | | |
| Storage | StoreEver | Command View for Tape Libraries (CVTL) | No | | |
| Storage | StoreEver | Library and Tape Tools (L&TT) | No | | |
| Storage | StoreOpen | Automation and Standalone (LTFS) | No | | |
| Storage | StoreEver | LTO-7 Ultrium 15000 Tape Drive | No | | |
| Storage | StoreEver | LTO-6 Ultrium 6260/6650 Tape Drive | No | | |
| Storage | StoreEver | LTO-5 Ultrium 3000/3280 Tape Drive | No | | |
| Storage | StoreEver | LTO-4 Ultrium 1760 Tape Drive | No | | |
| Storage | StoreEver | LTO-3 Ultrium 920 Tape Drive | No | | |
| Storage | Store Virtual | Store Virtual | No | | |
| Storage | StoreFabric | SN4000B | No | | |
| Storage | StoreFabric | Gen5 B-series switches (running FOS prior to 8.0.2a or 8.1.0a) | No | | |
| Storage | XP Software | HPE XP7 Performance Advisor Software v7.x | No | | |
| Servers | Platform Firmware | ROM | No | | |
| Servers | Platform Firmware | UEFI | No | | |
| Enterprise Software | CMS SW Products | HP CentralView Software Services | No | | |
| Servers | Platform Software | Smart Storage Administrator (SSA) | No | | |
| Storage | 3PAR/StoreOnce/StoreVirtual | HPE StoreFront Remote | No | | |
| Servers | High Availability | Serviceguard for Linux and HP-UX | No | | |