Chat now with support
Chat with Support
Self Service Tools
Knowledge Base
My Account
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Support Essentials
Awards and Testimonials
Getting Started
License Agreement
Support Guide

Foglight Product Notification

Return
Critical Alerts
Critical Notification

Critical Notification Foglight Management Server (Apache Struts vulnerability) 

A critical security vulnerability with the Jakarta Multipart parser in certain versions of Apache Struts was documented on March 10, 2017. Please check here for more details about the security vulnerability. All supported versions of the Foglight Management Server use an impacted version of Apache Struts.  

How does this affect me?

The Apache Struts vulnerability is exposed in Foglight. This may allow remote code execution when performing file upload based on Jakarta plugin.

Workaround 

If you are using any version of Foglight, please see Knowledge Base article 227161 for instructions on how to update Apache Struts.

If you are using a Foglight appliance, please see Knowledge Base Article 227265 for instructions on how to hotfix your appliance 

Status

The next releases of the Foglight Management Server and the end-user appliances will include updated versions of Apache Struts. Notifications will be sent out regarding new releases when available.