Quest has been named as an ASP "Ten Best Web Support Sites" award winner. Learn more.

Foglight Network Management System Product Notification

Self Service Tools
Knowledge Base
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Support Essentials
Awards and Testimonials
Getting Started
License Agreement
Support Guide
Return
Critical Issue
Critical Notification

Critical Notification Foglight Management Server (Apache Struts vulnerability) 

A critical security vulnerability with the Jakarta Multipart parser in certain versions of Apache Struts was documented on March 10, 2017. Please check here for more details about the security vulnerability. All supported versions of the Foglight Management Server use an impacted version of Apache Struts.  

How does this affect me?

The Apache Struts vulnerability is exposed in Foglight. This may allow remote code execution when performing file upload based on Jakarta plugin.

Workaround 

If you are using any version of Foglight, please see Knowledge Base article 227161 for instructions on how to update Apache Struts.

If you are using a Foglight appliance, please see Knowledge Base Article 227265 for instructions on how to hotfix your appliance 

Status

The next releases of the Foglight Management Server and the end-user appliances will include updated versions of Apache Struts. Notifications will be sent out regarding new releases when available.