Apache Struts 2 Remote Code Execution Vulnerability (CVE-2017-9805)

Summary: Apache Struts 2 disclosed a vulnerability in the REST plugin used in Apache Struts 2, use this article to see if your Dell hardware is affected.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

On September 5, 2017, Apache disclosed a vulnerability in the REST plugin used in Apache Struts 2 that could allow an attacker to execute arbitrary commands remotely on the affected systems by sending a specially crafted web request to the application.

 

DELL EMC is aware of and investigating this issue to identify potential DELL EMC product impact. The level of impact may vary depending on the affected product. The following table contains the latest available impact information. This table will be updated as additional information becomes available.

 

The details for this vulnerability can be found at https://struts.apache.org/docs/s2-052.html.

 

For status of Dell EMC products, see: https://support.emc.com/kb/503891.

For status of RSA products, see: https://community.rsa.com/docs/DOC-79872.

For status of VCE products, see: http://support.vce.com/kA2A0000000LKm0.


Systems Not Affected

Enterprise Products
Product Supported Versions Impacted? Recommended Action
11G iDRAC F/W ALL NO None
12G iDRAC F/W ALL NO None
12G Vendor F/W ALL NO None
13G iDRAC F/W ALL NO None
14G iDRAC F/W ALL NO None
Active Fabric Controller (AFC)   NO None
Active Fabric Manager (AFM)   NO None
All EqualLogic PS series storage arrays ALL NO None
BIOS Graphical setup ALL NO None
Brocade OEM Series   NO None
Cisco Nexus B22DELL Blade Fabric Extender   NO None
Compellent Replay Manager ALL NO None
C-Series   NO None
Dell Chassis Management Controller CMC 3.2 & earlier ALL NO None
Dell Chassis Management Controller CMC 4.5 & later ALL NO None
Dell Compellent SC4020 Storage Center Controller

SC200 (12 x 3.5" drive slots, 6Gb SAS)
SC220 (24 x 2.5" drive slots, 6Gb SAS)
SC280 (84 x 3.5" drive slots, 6Gb SAS)		 Versions 6.5.10, 6.5.30, 6.7.5, 7.1.2, 7.1.4 NO None
"Dell Compellent SC7020  Storage Center Controller

Dell Storage SC420 (24 x 2.5" drive slots, 12Gb SAS)
Dell Storage SC400 (12 x 3.5" drive slots, 12Gb SAS)
Dell Storage SC280 (84 x 3.5" drive slots, 6Gb SAS)
Dell Storage SC220 (24 x 2.5" drive slots, 6Gb SAS)
Dell Storage SC200 (12 x 3.5" drive slots, 6Gb SAS)
Versions 7.1.1, 7.1.5		 Versions 7.1.2, 7.1.4 NO None
Dell Compellent SC8000 Storage Center Controller

SC200 Expansion Enclosure
SC220 Expansion Enclosure
SC280 Dense Enclosure
Dell Compellent Flash-Optimized Solutions
Dell/Compellent 3.5"" 6Gb SAS Enclosure (EBOD)
Dell/Compellent 2.5"" 6Gb SAS Enclosure (EBOD)
Dell/Compellent 3.5"" 3Gb SAS Enclosure (EBOD)
Dell/Compellent 3.5"" 4Gb SAS Enclosure (EBOD)		 Versions 6.3.1, 6.3.2, 6.3.10, 6.4.1, 6.4.2, 6.4.3, 6.4.4,6.4.5, 6.5.2, 6.5.3, 6.5.10, 6.5.20, 6.5.30, 7.1.4 NO None
Dell Compellent SC9000 Storage Center Controller

SC420 (24 2.5" drive slots, 12Gb SAS)
SC400 (12 3.5" drive slots, 12Gb SAS)
SC280 (84 3.5" drive slots, 6Gb SAS)
SC220 (24 2.5" drive slots, 6Gb SAS)
SC200 (12 3.5" drive slots, 6Gb SAS)		 Versions 6.7.5, 7.1.4 NO None
Dell Compellent SCv2000, SCv2020, SCv2080 Storage Center Controller

Dell SC100: 12 x 3.5" or 2.5" drive bays
Dell SC120: 24 x 2.5" drive bays
Dell SC100: 12 x 3.5" drive or 2.5" bays
Dell SC120: 24 x 2.5" drive bays
Dell SC180: 84 x 2.5" or 3.5" drive bays		 Versions 6.6.5, 6.6.11, 7.1.2, 7.1.4 NO None
Dell Compellent VMware Site Recovery Manager Site Replication Adapter SRA ALL NO None
Dell Connectors for CA/IBM/HP ALL NO None
Dell LifeCycle Controller ALL NO None
Dell Open Manage Server Administrator (OMSA) ALL NO None
Dell OpenManage Mobile (OMM) ALL NO None
Dell OpenManage Power Center (OMPC) ALL NO None
Dell Plug-in for Oracle Enterprise Manager ALL NO None
Dell Repository Manager ALL NO None
Dell Storage Enterprise Manager ( Data Collector, Client and Server agent) ALL NO None
Dell Storage Integration Tools for VMware (DSITV) ALL NO None
Dell Storage Management Pack for vRealize Operations (VRO) Manager ALL NO None
Dell Storage Manager (DSM) ALL NO None
Dell Storage Replay Manager Services (RMS) ALL NO None
Dell Storage Replay Manager Services for Vmware (RMSV) ALL NO None
Dell Storage Solution Pack for vCenter Operations Manager(vROPS) ALL NO None
Dell Storage vSphere Web Client Plugin ALL NO None
Dell Virtual Storage Manager (VSM) ALL NO None
DTK ALL NO None
Equallogic Firmware ALL NO None
E-Series   NO None
ESXi 6.0 Update 2   NO None
ESXi 6.5   NO None
FluidCache ALL NO None
FluidFS ( FS8600, 7600, 7610, 7500) ALL NO None
H710/H710P/H810/H310 (PERC 8) Controllers   NO None
H730/H730P/H830/H330 (PERC 9) Controllers   NO None
HBA330 Controller   NO None
HIT / Linux ALL NO None
HIT/ME ALL NO None
Intel, Broadcom, Emulex, Brocade, Qlogic, Mellanox - NDC & NICs => In all PowerEdge Servers (racks +blades) ALL NO None
IOA   NO None
IOM (MXL) E9.2.0.x, E9.3.0.0   NO None
IOM (MXL)  in PowerEdge M1000e Chassis     [ NA for non-M1000e servers] ALL NO None
IOMs (Network Switches &IOA) in PowerEdge M1000e Chassis -- All except IOM (MXL)  [Applies only to Blades] ALL NO None
Intel SSD   NO None
Micron SSD   NO None
ML6000 ALL NO None
N20xx   NO None
N30xx   NO None
N40xx   NO None
NX3600, 3610, 3500 ALL NO None
OMNM   NO None
OpenManage Essentials (OME) Version 1.3 ALL NO None
OpenManage Integration for VMware vCenter ALL NO None
OpenManage Integration for VMware vCenter 4.0 and 3.1 NO None
OpenManage Management Pack for vRealize Operations Manager 1 NO None
OpenStack Driver ALL NO None
PC28xx   NO None
PC35xx   NO None
PC55xx   NO None
PC62xx   NO None
PC70xx   NO None
PC8024   NO None
PC80xx   NO None
PC8100   NO None
PCM6220   NO None
PCM6348   NO None
PCM8024   NO None
PCM8024K   NO None
PERC SL/SLIRx   NO None
PERCCli   NO None
Phone Home ALL NO None
PowerVault LTO5 ALL NO None
PowerVault LTO6 ALL NO None
PowerVault LTO7 ALL NO None
Redhat Enterprise Server 5.11   NO None
Redhat Enterprise Server 7.2   NO None
RD1000 ALL NO None
S25   NO None
S4810  (E9.1.0.x, E9.2.0.x, E9.3.0.0)   NO None
S4820 (E9.1.0.x, E9.2.0.x, E9.3.0.0)   NO None
S50   NO None
S5000 (E9.1.1.0)   NO None
S55   NO None
S60   NO None
S6000 (E9.3.0.0)   NO None
Samsung SSD   NO None
SAN Headquarters (SAN HQ) ALL NO None
SanDisk Velocity   NO None
Sandisk/Fusion I/O SSD   NO None
SBUU ALL NO None
SCOM Management Pack v2 and v3 ALL NO None
Series 10 Controller

EN-FC2X16 : Compellent 16 bay W/FC Interface
EN-SA2X16 : Compellent Enclosure, SATA, 2Gb, 16 bay		 Version 5.x NO None
Series 20 Controller

EN-FC2X16 : Compellent 16 bay W/FC Interface
EN-SA2X16 : Compellent Enclosure, SATA, 2Gb, 16 bay
EN-SB4X16 : Dell/Compellent 3.5"" 4Gb FC Enclosure (SBOD)		 Version 5.x NO None
Series 30 Controller

EN-FC2X16 : Compellent 16 bay W/FC Interface
EN-SA2X16: Compellent Enclosure, SATA, 2Gb, 16 bay;
EN-SB4X16 : Dell/Compellent 3.5"" 4Gb FC Enclosure (SBOD)
EN-SAS3-1235 : Dell/Compellent 3.5"" 3Gb SAS Enclosure (EBOD)
EN-SAS6-1235 : Dell/Compellent 3.5"" 6Gb SAS Enclosure (EBOD)		 Version 5.x NO None
Series 40 controller

Dell/Compellent 3.5"" 6Gb SAS Enclosure (EBOD)
Dell/Compellent 2.5"" 6Gb SAS Enclosure (EBOD)
Dell/Compellent 3.5"" 3Gb SAS Enclosure (EBOD)
Dell/Compellent 3.5"" 4Gb FC Enclosure (SBOD)
SC200 Expansion Enclosure
SC220 Expansion Enclosure		 Versions 5.x, 6.0.6.1.,6.2 NO None
Series 40 controller

Dell/Compellent 3.5"" 6Gb SAS Enclosure (EBOD)
Dell/Compellent 2.5"" 6Gb SAS Enclosure (EBOD)
Dell/Compellent 3.5"" 3Gb SAS Enclosure (EBOD)
Dell/Compellent 3.5"" 4Gb FC Enclosure (SBOD)
SC200 Expansion Enclosure
SC220 Expansion Enclosure		 6.3.1, 6.3.2, 6.3.10, 6.4.3, 6.4.4, 6.4.5, 6.5.2, 6.5.3, 6.5.10, 6.5.20, 6.5.30 NO None
Shared PERC 8 ( VRTX )   NO None
Software RAID ( S1xx & S3xx series )   NO None
Storage Center Operation System (SCOS) GA versions of 5.x, 6.x and 7.x NO None
Suse Linux Enterprise Server 10 SP4   NO None
Suse Linux Enterprise Server 12 SP1   NO None
Tejas ( DLCI for SCVMM ) ALL NO None
TL1000 ALL NO None
TL20000 ALL NO None
TL40000 ALL NO None
Tribes/ PowerVault MD 34/38 series ALL NO None
VMware ESX MPIO (MEM) ALL NO None
W-Series (ArubaOS 6.3.x, 6.4.x)   NO None
Z9000 (E9.1.0.x, E9.2.0.x, E9.3.0.0)   NO None
Z9500   NO None
 

 
Client Products
Product Supported Versions Impacted? Recommended Action
AWCC (Alienware Command Center)   NO NONE
China HDD Deluxe   NO NONE
China Web Directory   NO NONE
Cirrus (Dell Digital Delivery)   NO NONE
DCC (Dell Command Configure)   NO NONE
DCIS (Dell Command Integration Suite for System Center)   NO NONE
DCIV (Dell Command Intel vPro Out of Band)   NO NONE
DCM (Dell Command Monitor)   NO NONE
DCPM (Dell Command Power Manager)   NO NONE
DCPP (Dell Command Powershell Provider)   NO NONE
DCU (Dell Command Update)   NO NONE
DDP| ESS   NO NONE
DDP| ESSE   NO NONE
DDP| SL   NO NONE
DDP| ST   NO NONE
DDP| TD   NO NONE
DDP|E BLM   NO NONE
DDP|E EE   NO NONE
DDP|E PE   NO NONE
DDRE (Dell Data Recovery Environment)   NO NONE
Dell Customer Connect   NO NONE
Dell OS Recovery Tool   NO NONE
Dell Registration   NO NONE
DFS (Dell Foundation Services)   NO NONE
DHS (Dell Help & Support)   NO NONE
DPO (Dell Precision Optimizer)   NO NONE
DU (Dell Update)   NO NONE
HiveMind   NO NONE
Intel Unite   NO NONE
Premier Color   NO NONE
RCC (Rugged Control Center)   NO NONE
SmartByte   NO NONE
SupportAssist SOS   NO NONE
True Color   NO NONE

Affected Products

Servers
Article Properties
Article Number: 000175627
Article Type: Solution
Last Modified: 18 Aug 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.