KB Article #178498

Why is there no impact to VA from CVE-2017-5638?

Problem

VA uses Apache. Is VA affected by the Apache Struts vulnerability CVE-2017-5638?

Resolution

No, Apache Struts is not a component of VA and there is no impact. We use the Apache web server, not the Apache Struts framework. Accordingly, there is no impact to VA from CVE-2017-5638.

General Information

Published:: 28 March 2017
Last Modified:: 28 March 2017

Affected Products

Validation Authority 4.12.*

Affected OS

win-x86-64
win-x86-32
sun-sparc-64
sun-sparc-32
linux-x86-64
linux-x86-32
ap-x86-64
...Other

VA is not vulnerable to CVE-2017-9788 and CVE-2017-9789
VA: CVE-2003-1418 - Apache Server ETag Header Information Disclosure
The UI for Validation Authority is slow and unresponsive
Weak DH Modulus ("Logjam" issue) Detected on VA Server
Do Apache POI or STRUTS CVEs apply to DV, SV or VA?

Problem

Resolution

Still need help?