Search the VMware Knowledge Base (KB)
View by Article ID

VMware Response to CVE-2017-5638: Apache Struts 2 Remote Code Execution (2149442)

  • 1 Ratings


On March 8th, 2017, a critical vulnerability in Apache Struts 2 identified by CVE-2017-5638 was disclosed that may allow for remote code execution.

VMware has classified this issue as critical and as such began work on a fix or corrective action immediately following the disclosure.

The VMware Security Engineering, Communications, and Response group (vSECR) has completed our investigations of the impact this vulnerability may have on VMware products.


Please see VMSA-2017-0004 for details on the vulnerability, affected products, workarounds, and fixes. Products not mentioned in this advisory are not affected by the vulnerability.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 1 Ratings