Is any Qlik product using Apache Struts and potentially affected by the vulnerability CVE-2018-11776?
Question regarding CVE-2018-11776 on Apache Struts
Apache has released details of a new vulnerability affecting web applications built with the Struts framework which, if exploited, could allow a malicious party to execute code remotely. The vulnerability, identified as CVE-2018-11776, impacts systems running Apache Struts v2.3 to 2.3.34 and v2.5 to 2.5.16, as well as any currently unsupported Struts versions. It relies on an error in how Apache Struts validates the namespace parameter in several underlying XML configurations.
Details are provided here: https://cwiki.apache.org/confluence/display/WW/S2-057
As of today, 28/08/2018, no Qlik product uses Apache Struts.
To find out whether other programs installed on your machine use Apache Struts, refer to https://stackoverflow.com/questions/4021995/how-to-find-the-struts-version-being-used-in-a-project
On a Windows system:
- Open File Explorer and search for struts*.jar
- Repeat the search on each drive.
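The same search can be scripted so that every local fixed drive is covered in one pass and each hit is compared against the version ranges quoted above. This is an added example, not Qlik or Apache code; the function names `Get-StrutsStatus` and `Find-StrutsJar` are hypothetical, and the version is assumed to be readable from the jar file name.

```powershell
# Added example: inventory struts*.jar on all local fixed drives and classify
# each file against the ranges listed in this article for CVE-2018-11776.

function Get-StrutsStatus {
    param([Parameter(Mandatory)][string]$FileName)

    # Version is read from the file name, e.g. struts2-core-2.3.34.jar -> 2.3.34
    if ($FileName -notmatch '^struts.*?-(\d+\.\d+(?:\.\d+){0,2})\.jar$') {
        return 'no version in file name, inspect the jar manifest'
    }
    $v = [version]$Matches[1]

    # Ranges as stated in the article: 2.3 to 2.3.34 and 2.5 to 2.5.16
    if ($v.Major -eq 2 -and $v.Minor -eq 3 -and $v.Build -le 34) {
        return "AFFECTED: $v is within 2.3 to 2.3.34"
    }
    if ($v.Major -eq 2 -and $v.Minor -eq 5 -and $v.Build -le 16) {
        return "AFFECTED: $v is within 2.5 to 2.5.16"
    }
    return "$v is outside both listed ranges, check whether it is still supported"
}

function Find-StrutsJar {
    # Default: every local fixed disk (DriveType 3), e.g. C:\ and D:\
    param(
        [string[]]$Root = (Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
                           ForEach-Object { "$($_.DeviceID)\" })
    )
    foreach ($r in $Root) {
        # -Force includes hidden folders; unreadable folders are skipped silently
        Get-ChildItem -Path $r -Filter 'struts*.jar' -File -Recurse -Force `
                      -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Status = Get-StrutsStatus -FileName $_.Name
                }
            }
    }
}

Find-StrutsJar | Format-List
```

Run it from an elevated PowerShell session so that protected folders are readable. A file-name search does not see jars packed inside .war or .ear archives, so deployed web applications still need to be checked separately.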