Security Notification Apache Struts2-Global Version

Security Notification – Apache Struts2 Vulnerability Alert in Certain Hikvision iVMS Platforms

SN No.: HSRC-201703-05

Edit: Hikvision Security Responding Center (HSRC)

Initial Release Date: 2017-4-6

Descriptions:

Apache Struts 2 is one of the popular development frameworks for Java Web applications. However, the Jakarta Multipart parser, a plug-in of Apache Struts 2, was recently found to have a remote code execution vulnerability. Attackers may remotely execute malicious code by modifying the Content-Type in the HTTP request when uploading files through this plug-in. For more information, please refer to the official website of Apache Struts 2: https://struts.apache.org/docs/s2-045.html

Affected Products:

  • iVMS-5200 Professional baseline versions V3.3.4 and before, including Mobile and ANPR sub systems.

  • Blazer Pro v1.0 baseline versions

Solution:

Hikvision has published a hotfix to upgrade Apache Struts 2 to its latest version, Struts 2.3.32 and 2.5.10.1, which Apache Struts had officially released to fix the potential vulnerability. To implement the hotfix:

1.   Download the hotfix from the Hikvision official website:

  • iVMS-5200 Professional, including Mobile and ANPR sub systems: Click Here
  • Blazer Pro v1.0: Click Here

2.   Copy the hotfix 5200P-ST&FJ-201703.exe to the desktop of the computer or the Blazer Pro where the Central Management Server service of the iVMS software is running.

3.   Close the Service Manager by clicking the Exit button in the notification area.

                            

4.   Double-click the hotfix to run it. The hotfix will check the running environment, stop the services of the iVMS software, replace the affected files and restart the services. If you see the interface below, it means that the system has been upgraded successfully and returned to normal status.

5.   Restart the Service Manager.

If you have any doubt about the upgrade procedure, please do not hesitate to contact the Hikvision local support team or write to support@hikvision.com.
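
A post-upgrade check, added here as an example and not part of Hikvision's notice or hotfix: it looks for Struts core jars under a directory and compares their versions with the fixed releases named above (2.3.32 and 2.5.10.1). It assumes the library is present under the Apache distribution file name `struts2-core-<version>.jar`; the directory to scan is supplied by the operator, since this notice does not give the iVMS installation path.

```python
import re
from pathlib import Path

# Fixed releases named in this notice, keyed by Struts release line.
FIXED = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}
# Assumption: jars keep the Apache distribution name struts2-core-<version>.jar.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)\.jar$", re.IGNORECASE)


def parse_version(text):
    """Turn '2.5.10.1' into (2, 5, 10, 1)."""
    return tuple(int(part) for part in text.split("."))


def pad(version, width=4):
    """Pad with zeros so (2, 5, 10) and (2, 5, 10, 0) compare as equal."""
    return version + (0,) * (width - len(version))


def classify(version):
    """Return 'patched', 'needs-hotfix' or 'review' for one core-jar version."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "review"  # release line not covered by this notice
    return "patched" if pad(version) >= pad(fixed) else "needs-hotfix"


def scan(root):
    """Walk root and classify every struts2-core-<version>.jar found."""
    findings = []
    for jar in sorted(Path(root).rglob("*.jar")):
        match = JAR_RE.match(jar.name)
        if match:
            version = parse_version(match.group(1))
            findings.append((str(jar), match.group(1), classify(version)))
    return findings


if __name__ == "__main__":
    import sys
    # Pass the installation directory to scan; defaults to the current directory.
    for path, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:13} {version:10} {path}")
```

A result of `review` means the jar belongs to a release line this notice does not name and should be checked against the Apache Struts S2-045 bulletin linked above.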

Contact Us:

Should you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hikvision.com.
