Response to Apache Struts vulnerability announcement

Sep 29, 2017 | By Kurt Poudrier

On September 15, 2017, the FBI Cyber Division issued Alert Number MC-000086-MW regarding a security vulnerability found with Apache Struts web servers.  Through a coordination of efforts, our engineers have reviewed the notice and we are providing the below response:

This vulnerability is regarding Apache Struts which is a Linux platform and is not patched by our patch management system.  However, these sorts of Linux-based web servers would be patched by any individual web service provider that leverages the Apache Struts platform – either the application developer for anything that may leverage it in-house, or by the web host for anything managed that’s outside of your environment.  This is a question better directed to your key line of business application vendors and core provider, as well as your web host or any internet-facing application providers.

For your benefit, the following is a question you can send to your application vendors:

"Hello,

We have recently received a bulletin from the Massachusetts Division of Banks regarding an FBI/DHS Joint Analysis about a critical vulnerability in the web server software frame-work, Apache Struts. Can you please provide a response with regards to if the software we utilize from you is susceptible to this vulnerability and if so what steps you are taking to re-mediate and ensure we are no longer affected."

In addition, we are reviewing manufacturer websites with regards to this vulnerability to see if they have released any security bulletins and will take action accordingly.

When our office server crashed, IBS went into action right away. We put our IT company to the task and they excelled. Thank you IBS!
Leslie Cernak, Vice President, Cernak Fuel Corp.

Accreditations

We have partnered with the best IT companies to provide you stable, industry-leading solutions.

View all accreditations

Stay In Touch

Stay informed about industry trends, security alerts and upcoming Innovative events.

innovative business systems logo

© 2017 Innovative Business Systems. All rights reserved.

Looking for on-demand home office or small business IT help? Visit TechCavalry.