Find Answers

Find Answers

Specified Languages
British English

Vulnerability in Apache Struts 2 (CVE-2017-5638)

Doc ID:    C1744
Version:    1.0
Status:    Published
Published date:    03/17/2017


A vulnerability impacting Apache Struts was issued under Common Vulnerabilities and Exposures (CVE) 2017-5638. Upon release of CVE-2017-5638, Visa reviewed its infrastructure and systems for potential exposure to this CVE. Vulnerable hosts were identified for remediation, however these were determined to be internal and not Internet-facing. Remediation is proceeding as expected. Visa’s Threat Intelligence team is continuing to monitor intelligence sources for additional information on this CVE. Furthermore, Visa has deployed Intrusion Detection System (IDS) Signatures and Security Information and Event Management (SIEM) Alerts to detect potential exploitation of CVE-2017-5638. Web Application Firewall (WAF) detection signatures are being reviewed and will be deployed as soon as they are ready for Production.

Rate This Item