Last Modified: August 14, 2019

FAQ TOP page > FAQ for details

FAQ number: 608 | Last updated: 2017 June 23
Please let me know countermeasure method for the brittleness of Apache Struts was released from JVN on June 7, 2016.

Article by a vulnerability of Apache Struts posted by JVN would be as follows:

・Operations that can be vulnerability components that are on the memory in JVN JVN#03188560 Apache Struts 1
http://jvn.jp/jp/JVN03188560/index.html

・Brittleness about input value validation function in JVN JVN#65044642 Apache Struts 1
http://jvn.jp/jp/JVN65044642/index.html

○ Of use product in the case of intra-mart BaseModule/WebPlatform/AppFramework

For the patch on the case please obtain it at the following URL.

http://newsupport.intra-mart.jp/patch/download/patch_info.php?patch_cd=1333

Customers who do development using Struts framework is the target subject to the patch of this case in version listed below.
・intra-mart BaseModule Ver4.1 Ver4.2 Ver4.3 Ver5.0 Ver5.1
・intra-mart WebPlatform/AppFramework Ver6.0 Ver6.1 Ver7.0 Ver7.1 Ver7.2

※Ver.7.2 until patch09 will be the target. patch10 are included in this modified as standard.
Please refer to the following URL sharing information of that have been addressed requirements of patch10.

https://issue.intra-mart.jp/issues/23125

○ Of use product in the case of intra-mart AccelPlatform

Download the patch to be applied is can be mentioned for using IM-Juggling.
Please refer to "patch Application to Module" of intra-mart AccelPlatform Setup Guide for details.

Sharing information of requirements in this case would be the URL below.
https://issue.intra-mart.jp/issues/23345

 ※Append June 13, 2016
The vulnerability the URL below was released on the same day, it is confirmed that will not be impacted our standard products.

http://jvn.jp/jp/JVN74659077/index.html

The following vulnerability Does it have influence on intra-mart products?

-------------------------------------------------------------
Reminder about Apache Struts vulnerability (S2-016)
 http://www.jpcert.or.jp/at/2013/at130033.html
Verification Report about the vulnerability (CVE-2013-2251) which arbitrary Java code is executed by the lack of prefix parameter process of Apache Struts2
 http://security.intellilink.co.jp/article/vulner/130723.html
-------------------------------------------------------------
intra-mart products influence about the vulnerability was published by the following URL reported vulnerabilities found in Apache Struts?
http://www.lac.co.jp/security/alert/2014/04/24_alert_01.html
About a serious vulnerability "CVE-2016-3081 (S2-032) " of Apache Struts 2
In JPCERT/CC, vulnerability of open redirect in JVN#68340046 intra-mart
https://jvn.jp/jp/JVN68340046/
Please tell me about the vulnerability was published by the above-mentioned URL reported as.
FullGC of Java was run and the phenomenon to which operation becomes slow occurred.
Please share with us your comments and suggestions about this FAQ