.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Tags: RSA NetWitness Platform, Technical Advisories
Advisory Type
Security
Advisory Content
Summary
The Apache Software Foundation has patched a vulnerability identified as CVE-2017-9805. The vulnerability affects all versions of Apache Struts since 2008. In response to this we have created and released a parser to help identify systems exploited by the vulnerability. Upon this parser matching network traffic you'll see "apache struts CVE-2017-9805 attempt" appear in the 'Indicators of Compromise' meta-key and the command that was included in the exploit attempt will be present in the 'Action' meta-key. The parser, 'struts_exploit', is now available in RSA NetWitness Live.
Here's a sample attack that our researchers have seen in the wild:
EOPS Policy
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the
Product Version Life Cycle for additional details.