Quantum Product Support

Apache Struts2 REST Plug-in Vulnerability


Summary

The recent data breach announced by Equifax has raised concerns across enterprises and institutions about security vulnerabilities within widely used open source software. A vulnerability within an interface to the Apache Struts2 software has been identified as the cause for the unauthorized access to Equifax’s internal systems.


Updated December 5, 2017

The Apache Software Foundation has released security updates that address the vulnerabilities detected within Apache Struts versions 2.5 to 2.5.14. These vulnerabilities could be exploited to take control of an affected system.

The US Computer Emergency Readiness Team (US-CERT) encourages users and administrators to review Apache Security Bulletins S2-054 and S2-055 and upgrade to Struts version 2.5.14.1.


Vulnerable Quantum Products

No Quantum products are affected by the Apache Strut vulnerability.


Unaffected Quantum Products

The following Quantum hardware or software products are not affected by the Apache Struts2 REST security vulnerability.

  • StorNext software, including Storage Manager
  • StorNext Network Attached Storage (NAS)
  • StorNext Connect
  • DXi
  • Lattus (C5, C10, S10, and S20 nodes)
  • SuperLoader3
  • Scalar i3 and i6
  • Scalar i40 and i80
  • Scalar i500
  • Scalar i6000 and i2000
  • iBlades
  • Scalar Key Manager
  • Scalar LTFS
  • StorNext storage appliances
    • M-Series
    • Pro Foundation
    • G-series gateways
    • Artico
    • Xcellis Workflow Directors and Extenders
  • vmPRO
  • Vision
  • Stand-alone tape drives
  • QSX hybrid disk

Impact

Apache Struts is an open source framework used to create enterprise-grade Java web applications. A vulnerability within the Representational State Transfer (REST) plug-in could allow an unauthorized user to execute arbitrary software code, which could cause the system to be compromised. The Apache Software Foundation has confirmed this vulnerability, and has released software updates that address this issue. Additional information about this vulnerability are found in the References section below.


References

Additional information about this vulnerability can be found here:

Contact Information

In US, call 800-284-5101. In Europe, call toll free +800-7826-8888 or direct +49 6131 324 185. You will need your system serial number. For additional contact information, go to http://www.quantum.com/serviceandsupport/get-help/index.aspx#contact-support