OFS Data Management Application Pack is a
separately licensed product.
Description
Bug 25972050 – APACHE STRUTS CVE-2017-5638
VULNERABILITY IN OFS_DM_PACK
Prerequisites
The
pre-requisites required for this release is as follows:
§ The minimum patch set level should be Oracle Financial
Services Data Management Application Pack 8.0.3.0.0.
§ Upgrade to Struts compatible version
(2.3.32) using the steps mentioned in 2254323.1.
Ignore this prerequisite, if this upgrade has already been done for other
associated products.
Note: This patch contains critical
security vulnerability fix on Apache Struts version. The Apache Struts 2.3.32
jars upgrade is optional for GL. If all the applications have provided Apache
Struts 2.3.32 upgrade then the Struts 2.3.32 jars upgrade can be done.
How to Apply This One-Off Patch Release?
Perform the following steps to apply the
one-off patch:
1. Login to https://support.oracle.com/, and search for Bug# 25972050 under Patches and Updates tab.
2.
Download 25972050_GENERIC.zip archive file,
and copy it to your OFSAA server in Binary mode.
3.
Shut down all the OFSAAI
Services.
4.
Extract the contents of the patch
archive file by using the command: unzip <name of the file to be unzipped>
For example: unzip 25972050_GENERIC.zip
5.
Grant RWX (755) permissions for
folder by executing command: chmod 755 25972050
6.
Navigate to the path: <>/25972050/bin
7.
Execute the command: ./install.sh
8.
Verify the patch installation
logs in the location <>/25972050/logs.
Contact Oracle support in case of any errors.
9.
Generate the application EAR/WAR
file and redeploy the application in the configured web application server. For
further details, refer to Oracle Financial Services Data
Management Application Pack Installation Manual Release 8.0.3.0.0 in OHC Documentation Library.
10.
After successful deployment,
restart all the OFSAAI services. For further details, refer to Oracle Financial
Services Data Management Application Pack Installation
Manual Release 8.0.3.0.0 in OHC Documentation Library.
For details, refer to Oracle
Financial Services Data Management Application Pack Installation Manual Release
8.0.3.0.0 in OHC Documentation
Library.
List of Bugs Fixed in this Release
|
Bug |
Subject |
|
25972050 |
APACHE STRUTS CVE-2017-5638 VULNERABILITY IN OFS_DM_PACK |