Skip to main content
Support

KB Article #179721

Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2018

List of possible security vulnerabilities reported against SecureTransport and corresponding analysis based on Axway's research.


NOTE: This KB lists only the vulnerabilities, tagged with the year 2018. For CVEs from other years, refer to the following articles:
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2017
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2016
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2015
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2014
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2013
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2012
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2011
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2010
Security Vulnerabilities (CVE) reported against SecureTransport tagged with the year 2009 and earlier


Additional lists of security vulnerabilities reported against SecureTransport application without formal CVE/CWE identifiers or against ST appliance platforms can be found at :



CVE Reference CVSS v2 Base Score Attack Vector Version Reported Version Fixed KB Article
CVE-2018-11776 N/A Network All All -
Added: 04 Sep 2018 Last modified: 04 Sep 2018

1. ST version above ST 5.3.1, including, do not include Apache Struts anymore.


2. ST versions below ST 5.3.1 do ship with Apache Struts 1.1. ST is still not vulnerable, because:


2.1. Semmle researchers, who discovered this CVE, do not seem to include Apache Struts 1.1 in their list of effected versions. (link)


2.2. Both of the following conditions need to be met (link).


a. <action>_tag is used without specifying a Namespace. ST is using this tag without Namespace._


b. alwaysSelectFullNamespace flag needs to be set to true as well. However, this parameter does not exist in Apache Struts 1.x (link) and thus can't be enabled by ST.


So even though Apache Struts 1.x were vulnerable, since ST does not meet both conditions, it is not vulnerable.


3. The exploit could not be reproduced in ST 5.2.1 SP9, which uses Apache Struts 1.1