Attention: Electra Announcement Regarding in Apache Struts 2

Recently, the Apache Software Foundation disclosed a critical vulnerability in Apache Struts 2, this is a software framework for developing Java EE websites. Widespread exploitation began on March 8, 2017.  The vulnerability (CVE-2017-5638) is a Remote Code Execution (RCE) vulnerability that affects the Jakarta Multipart parser in Apache Struts 2.  This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 10 out of 10 due to potential impact; a 10/10 score is exceptionally severe and rare.

You can learn more about this attack at https://struts.apache.org/docs/security-bulletins.html.   This note describes Electra’s response to this problem.

The areas of investigation for remediation for Electra clients are externally facing systems and internal systems.

For externally facing systems Electra can confirm that none of its systems has this particular vulnerability.

For internal systems, one system did have this vulnerability and has been shut down.

We take the responsibility of keeping your information protected very seriously at Electra Information Systems.

We would like to assure you that with regards to the Apache Struts 2 exploit:

1. Your account is secure.
2. Your account details were not exposed in the past and will remain secure.
3. You do not need to take any additional action to safeguard your information.
4. There is no need to change your password.

Leave a suggestion

Client Testimonials

Tammy L. Johnson, Globeflex Capital L.P.
We’ve now been a client for over 11 years and the relationship remains strong. Electra keeps us well informed, continuously innovating and adding functionality. Electra provides information on the latest versions which allows us to take advantage of the latest enhancements as our business requirements change and evolve.
Tammy L. Johnson, Globeflex Capital L.P.

GET MORE INFO

Get more information or schedule a product demo. Someone from our team will contact you promptly.