Apache Struts 2 Remote Code Execution Vulnerability (CVE-2017-9805)
Summary: Apache Struts 2 disclosed a vulnerability in the REST plugin used in Apache Struts 2, use this article to see if your Dell hardware is affected.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
On September 5, 2017, Apache disclosed a vulnerability in the REST plugin used in Apache Struts 2 that could allow an attacker to execute arbitrary commands remotely on the affected systems by sending a specially crafted web request to the application.
DELL EMC is aware of and investigating this issue to identify potential DELL EMC product impact. The level of impact may vary depending on the affected product. The following table contains the latest available impact information. This table will be updated as additional information becomes available.
The details for this vulnerability can be found at https://struts.apache.org/docs/s2-052.html.
For status of Dell EMC products, see: https://support.emc.com/kb/503891.
For status of RSA products, see: https://community.rsa.com/docs/DOC-79872.
For status of VCE products, see: http://support.vce.com/kA2A0000000LKm0.
Systems Not Affected
| Enterprise Products | |||
|---|---|---|---|
| Product | Supported Versions | Impacted? | Recommended Action |
| 11G iDRAC F/W | ALL | NO | None |
| 12G iDRAC F/W | ALL | NO | None |
| 12G Vendor F/W | ALL | NO | None |
| 13G iDRAC F/W | ALL | NO | None |
| 14G iDRAC F/W | ALL | NO | None |
| Active Fabric Controller (AFC) | NO | None | |
| Active Fabric Manager (AFM) | NO | None | |
| All EqualLogic PS series storage arrays | ALL | NO | None |
| BIOS Graphical setup | ALL | NO | None |
| Brocade OEM Series | NO | None | |
| Cisco Nexus B22DELL Blade Fabric Extender | NO | None | |
| Compellent Replay Manager | ALL | NO | None |
| C-Series | NO | None | |
| Dell Chassis Management Controller CMC 3.2 & earlier | ALL | NO | None |
| Dell Chassis Management Controller CMC 4.5 & later | ALL | NO | None |
| Dell Compellent SC4020 Storage Center Controller SC200 (12 x 3.5" drive slots, 6Gb SAS) SC220 (24 x 2.5" drive slots, 6Gb SAS) SC280 (84 x 3.5" drive slots, 6Gb SAS) |
Versions 6.5.10, 6.5.30, 6.7.5, 7.1.2, 7.1.4 | NO | None |
| "Dell Compellent SC7020 Storage Center Controller Dell Storage SC420 (24 x 2.5" drive slots, 12Gb SAS) Dell Storage SC400 (12 x 3.5" drive slots, 12Gb SAS) Dell Storage SC280 (84 x 3.5" drive slots, 6Gb SAS) Dell Storage SC220 (24 x 2.5" drive slots, 6Gb SAS) Dell Storage SC200 (12 x 3.5" drive slots, 6Gb SAS) Versions 7.1.1, 7.1.5 |
Versions 7.1.2, 7.1.4 | NO | None |
| Dell Compellent SC8000 Storage Center Controller SC200 Expansion Enclosure SC220 Expansion Enclosure SC280 Dense Enclosure Dell Compellent Flash-Optimized Solutions Dell/Compellent 3.5"" 6Gb SAS Enclosure (EBOD) Dell/Compellent 2.5"" 6Gb SAS Enclosure (EBOD) Dell/Compellent 3.5"" 3Gb SAS Enclosure (EBOD) Dell/Compellent 3.5"" 4Gb SAS Enclosure (EBOD) |
Versions 6.3.1, 6.3.2, 6.3.10, 6.4.1, 6.4.2, 6.4.3, 6.4.4,6.4.5, 6.5.2, 6.5.3, 6.5.10, 6.5.20, 6.5.30, 7.1.4 | NO | None |
| Dell Compellent SC9000 Storage Center Controller SC420 (24 2.5" drive slots, 12Gb SAS) SC400 (12 3.5" drive slots, 12Gb SAS) SC280 (84 3.5" drive slots, 6Gb SAS) SC220 (24 2.5" drive slots, 6Gb SAS) SC200 (12 3.5" drive slots, 6Gb SAS) |
Versions 6.7.5, 7.1.4 | NO | None |
| Dell Compellent SCv2000, SCv2020, SCv2080 Storage Center Controller Dell SC100: 12 x 3.5" or 2.5" drive bays Dell SC120: 24 x 2.5" drive bays Dell SC100: 12 x 3.5" drive or 2.5" bays Dell SC120: 24 x 2.5" drive bays Dell SC180: 84 x 2.5" or 3.5" drive bays |
Versions 6.6.5, 6.6.11, 7.1.2, 7.1.4 | NO | None |
| Dell Compellent VMware Site Recovery Manager Site Replication Adapter SRA | ALL | NO | None |
| Dell Connectors for CA/IBM/HP | ALL | NO | None |
| Dell LifeCycle Controller | ALL | NO | None |
| Dell Open Manage Server Administrator (OMSA) | ALL | NO | None |
| Dell OpenManage Mobile (OMM) | ALL | NO | None |
| Dell OpenManage Power Center (OMPC) | ALL | NO | None |
| Dell Plug-in for Oracle Enterprise Manager | ALL | NO | None |
| Dell Repository Manager | ALL | NO | None |
| Dell Storage Enterprise Manager ( Data Collector, Client and Server agent) | ALL | NO | None |
| Dell Storage Integration Tools for VMware (DSITV) | ALL | NO | None |
| Dell Storage Management Pack for vRealize Operations (VRO) Manager | ALL | NO | None |
| Dell Storage Manager (DSM) | ALL | NO | None |
| Dell Storage Replay Manager Services (RMS) | ALL | NO | None |
| Dell Storage Replay Manager Services for Vmware (RMSV) | ALL | NO | None |
| Dell Storage Solution Pack for vCenter Operations Manager(vROPS) | ALL | NO | None |
| Dell Storage vSphere Web Client Plugin | ALL | NO | None |
| Dell Virtual Storage Manager (VSM) | ALL | NO | None |
| DTK | ALL | NO | None |
| Equallogic Firmware | ALL | NO | None |
| E-Series | NO | None | |
| ESXi 6.0 Update 2 | NO | None | |
| ESXi 6.5 | NO | None | |
| FluidCache | ALL | NO | None |
| FluidFS ( FS8600, 7600, 7610, 7500) | ALL | NO | None |
| H710/H710P/H810/H310 (PERC 8) Controllers | NO | None | |
| H730/H730P/H830/H330 (PERC 9) Controllers | NO | None | |
| HBA330 Controller | NO | None | |
| HIT / Linux | ALL | NO | None |
| HIT/ME | ALL | NO | None |
| Intel, Broadcom, Emulex, Brocade, Qlogic, Mellanox - NDC & NICs => In all PowerEdge Servers (racks +blades) | ALL | NO | None |
| IOA | NO | None | |
| IOM (MXL) E9.2.0.x, E9.3.0.0 | NO | None | |
| IOM (MXL) in PowerEdge M1000e Chassis [ NA for non-M1000e servers] | ALL | NO | None |
| IOMs (Network Switches &IOA) in PowerEdge M1000e Chassis -- All except IOM (MXL) [Applies only to Blades] | ALL | NO | None |
| Intel SSD | NO | None | |
| Micron SSD | NO | None | |
| ML6000 | ALL | NO | None |
| N20xx | NO | None | |
| N30xx | NO | None | |
| N40xx | NO | None | |
| NX3600, 3610, 3500 | ALL | NO | None |
| OMNM | NO | None | |
| OpenManage Essentials (OME) Version 1.3 | ALL | NO | None |
| OpenManage Integration for VMware vCenter | ALL | NO | None |
| OpenManage Integration for VMware vCenter | 4.0 and 3.1 | NO | None |
| OpenManage Management Pack for vRealize Operations Manager | 1 | NO | None |
| OpenStack Driver | ALL | NO | None |
| PC28xx | NO | None | |
| PC35xx | NO | None | |
| PC55xx | NO | None | |
| PC62xx | NO | None | |
| PC70xx | NO | None | |
| PC8024 | NO | None | |
| PC80xx | NO | None | |
| PC8100 | NO | None | |
| PCM6220 | NO | None | |
| PCM6348 | NO | None | |
| PCM8024 | NO | None | |
| PCM8024K | NO | None | |
| PERC SL/SLIRx | NO | None | |
| PERCCli | NO | None | |
| Phone Home | ALL | NO | None |
| PowerVault LTO5 | ALL | NO | None |
| PowerVault LTO6 | ALL | NO | None |
| PowerVault LTO7 | ALL | NO | None |
| Redhat Enterprise Server 5.11 | NO | None | |
| Redhat Enterprise Server 7.2 | NO | None | |
| RD1000 | ALL | NO | None |
| S25 | NO | None | |
| S4810 (E9.1.0.x, E9.2.0.x, E9.3.0.0) | NO | None | |
| S4820 (E9.1.0.x, E9.2.0.x, E9.3.0.0) | NO | None | |
| S50 | NO | None | |
| S5000 (E9.1.1.0) | NO | None | |
| S55 | NO | None | |
| S60 | NO | None | |
| S6000 (E9.3.0.0) | NO | None | |
| Samsung SSD | NO | None | |
| SAN Headquarters (SAN HQ) | ALL | NO | None |
| SanDisk Velocity | NO | None | |
| Sandisk/Fusion I/O SSD | NO | None | |
| SBUU | ALL | NO | None |
| SCOM Management Pack v2 and v3 | ALL | NO | None |
| Series 10 Controller EN-FC2X16 : Compellent 16 bay W/FC Interface EN-SA2X16 : Compellent Enclosure, SATA, 2Gb, 16 bay |
Version 5.x | NO | None |
| Series 20 Controller EN-FC2X16 : Compellent 16 bay W/FC Interface EN-SA2X16 : Compellent Enclosure, SATA, 2Gb, 16 bay EN-SB4X16 : Dell/Compellent 3.5"" 4Gb FC Enclosure (SBOD) |
Version 5.x | NO | None |
| Series 30 Controller EN-FC2X16 : Compellent 16 bay W/FC Interface EN-SA2X16: Compellent Enclosure, SATA, 2Gb, 16 bay; EN-SB4X16 : Dell/Compellent 3.5"" 4Gb FC Enclosure (SBOD) EN-SAS3-1235 : Dell/Compellent 3.5"" 3Gb SAS Enclosure (EBOD) EN-SAS6-1235 : Dell/Compellent 3.5"" 6Gb SAS Enclosure (EBOD) |
Version 5.x | NO | None |
| Series 40 controller Dell/Compellent 3.5"" 6Gb SAS Enclosure (EBOD) Dell/Compellent 2.5"" 6Gb SAS Enclosure (EBOD) Dell/Compellent 3.5"" 3Gb SAS Enclosure (EBOD) Dell/Compellent 3.5"" 4Gb FC Enclosure (SBOD) SC200 Expansion Enclosure SC220 Expansion Enclosure |
Versions 5.x, 6.0.6.1.,6.2 | NO | None |
| Series 40 controller Dell/Compellent 3.5"" 6Gb SAS Enclosure (EBOD) Dell/Compellent 2.5"" 6Gb SAS Enclosure (EBOD) Dell/Compellent 3.5"" 3Gb SAS Enclosure (EBOD) Dell/Compellent 3.5"" 4Gb FC Enclosure (SBOD) SC200 Expansion Enclosure SC220 Expansion Enclosure |
6.3.1, 6.3.2, 6.3.10, 6.4.3, 6.4.4, 6.4.5, 6.5.2, 6.5.3, 6.5.10, 6.5.20, 6.5.30 | NO | None |
| Shared PERC 8 ( VRTX ) | NO | None | |
| Software RAID ( S1xx & S3xx series ) | NO | None | |
| Storage Center Operation System (SCOS) | GA versions of 5.x, 6.x and 7.x | NO | None |
| Suse Linux Enterprise Server 10 SP4 | NO | None | |
| Suse Linux Enterprise Server 12 SP1 | NO | None | |
| Tejas ( DLCI for SCVMM ) | ALL | NO | None |
| TL1000 | ALL | NO | None |
| TL20000 | ALL | NO | None |
| TL40000 | ALL | NO | None |
| Tribes/ PowerVault MD 34/38 series | ALL | NO | None |
| VMware ESX MPIO (MEM) | ALL | NO | None |
| W-Series (ArubaOS 6.3.x, 6.4.x) | NO | None | |
| Z9000 (E9.1.0.x, E9.2.0.x, E9.3.0.0) | NO | None | |
| Z9500 | NO | None | |
| Client Products | |||
|---|---|---|---|
| Product | Supported Versions | Impacted? | Recommended Action |
| AWCC (Alienware Command Center) | NO | NONE | |
| China HDD Deluxe | NO | NONE | |
| China Web Directory | NO | NONE | |
| Cirrus (Dell Digital Delivery) | NO | NONE | |
| DCC (Dell Command Configure) | NO | NONE | |
| DCIS (Dell Command Integration Suite for System Center) | NO | NONE | |
| DCIV (Dell Command Intel vPro Out of Band) | NO | NONE | |
| DCM (Dell Command Monitor) | NO | NONE | |
| DCPM (Dell Command Power Manager) | NO | NONE | |
| DCPP (Dell Command Powershell Provider) | NO | NONE | |
| DCU (Dell Command Update) | NO | NONE | |
| DDP| ESS | NO | NONE | |
| DDP| ESSE | NO | NONE | |
| DDP| SL | NO | NONE | |
| DDP| ST | NO | NONE | |
| DDP| TD | NO | NONE | |
| DDP|E BLM | NO | NONE | |
| DDP|E EE | NO | NONE | |
| DDP|E PE | NO | NONE | |
| DDRE (Dell Data Recovery Environment) | NO | NONE | |
| Dell Customer Connect | NO | NONE | |
| Dell OS Recovery Tool | NO | NONE | |
| Dell Registration | NO | NONE | |
| DFS (Dell Foundation Services) | NO | NONE | |
| DHS (Dell Help & Support) | NO | NONE | |
| DPO (Dell Precision Optimizer) | NO | NONE | |
| DU (Dell Update) | NO | NONE | |
| HiveMind | NO | NONE | |
| Intel Unite | NO | NONE | |
| Premier Color | NO | NONE | |
| RCC (Rugged Control Center) | NO | NONE | |
| SmartByte | NO | NONE | |
| SupportAssist SOS | NO | NONE | |
| True Color | NO | NONE | |
Affected Products
ServersArticle Properties
Article Number: 000175627
Article Type: Solution
Last Modified: 18 Aug 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.