Endpoint Protection

Expand all | Collapse all

CVE-2017-9805 Apache Struts Vulnerability

  • 1.  CVE-2017-9805 Apache Struts Vulnerability

    Posted 09-06-2017 03:17 PM

    There is a fresh vulnerability out for Apache. CVE-2017-9805

    While my SEPM is not internet facing, I would like to know how people are securing their SEPM from Apache vulnerabilities. This is the second one this year.
    There does not seem to be an NTP rule out for this yet.



  • 2.  RE: CVE-2017-9805 Apache Struts Vulnerability

    Posted 09-06-2017 03:23 PM

    For any external/DMZ facing SEPM, firewall off the web service ports and only allow what's needed, which should be client communication.



  • 3.  RE: CVE-2017-9805 Apache Struts Vulnerability

    Posted 09-07-2017 05:13 AM

    Hi cable mite,

    The Apache software built into the SEPM is a custom build, usually hardened down to do just what is needed and not open to anything else. If Symantec's internal reasearchers determine there is a danger, a new version of the SEPM will be released to keep the organization safe.  There's no need to try to manually upgrade or patch the Apache software built into the SEPM.

    Security Advisories Relating to Symantec Products
    https://www.symantec.com/security_response/securityupdates/list.jsp?fid=security_advisory

    For other Apache software, best practice calls for patching as soon as vendors make patches available!  One is available for CVE-2017-9805 now.



  • 4.  RE: CVE-2017-9805 Apache Struts Vulnerability

    Posted 09-07-2017 08:26 PM

    Looks like the NTP/IPS rule for CVE-2017-9805 was released on the 7th: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=sep&pvid=sep1213&year=2017&suid=SEP_Jaguar-SU1610-20170907.011

    LiveUpdate Def ID 20170907.011 should have you covered.



  • 5.  RE: CVE-2017-9805 Apache Struts Vulnerability

    Posted 09-08-2017 04:45 AM

    Thanks sc0rh!

    The latest IPS defs, "Symantec Endpoint Protection - Security Update 220" do indeed include:

    Attack: Apache Struts CVE 2017 9805 2 https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30278