Need help to resolve Vulnerabilities

Hi Team,

I found one critical Vulnerabilities (97610 - Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE) in bamboo application. We tried to download struts2-core-2.5.20 .jar from apache strut site but its not working, even I tried from maven repository but no luck. So need help from this community to resolve my issue.

Application not started with struts2-core-2.5.20.jar file so I have to roll back with old file again to run application properly.

Bamboo : version 5.13.0.1 build 51314

File Location : /opt/atlassian/bamboo/atlassian-bamboo/WEB-INF/lib

File Name : struts2-core-2.5.1-atlassian-10.jar

Need greater version than 2.5.1

1 answer

0 votes

Hi,

your version is over EOL so I think you have only two options.

Recommended - Upgrade to some newer version to minimal 6.2.5+, because till previous version is also CVE-2017-14589 which is really critical (from my experience someone mining on Bamboo by this vulnereability of Struts
Risk - Try solve it with another version, but as you know it's not easy or impossible.

Can you make upgrade?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

HI Petr,

Thanks for quick reply

I need to check if i can upgrade.

Regards,

Jitendra

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Need help to resolve Vulnerabilities

1 answer

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events