Alteryx Connect Discussions

mcartwri · ‎03-08-2021

My understanding is, not only is this a very old CVE, but Connect installs Tomcat.

Is there a way to upgrade JUST Apache on the connect install, or should this be reported to Tenable as a false-positive?

Apache Struts 2.3.1.1 Multiple Vulnerabilities
Diagnosis:
The version of Apache Struts running on the remote host is prior to 2.3.1.1. It, therefore, affected by multiple
vulnerabilities:

- The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which
allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code
execution through a static method. (CVE-2012-0392)

- Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor
class and execute arbitrary commands. (CVE-2011-3923)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

See Also:
https://cwiki.apache.org/confluence/display/WW/S2-008
Related CVE IDs:
CVE-2012-0392
CVE-2011-3923
Solution: Upgrade to Apache Struts version 2.3.1.1 or later

lepome · ‎03-09-2021

@mcartwri

You should be able to remove the offending .jar(s).

By default, the installation path for Connect is C:\Program Files\AlteryxConnect. You may have installed to a different location. The full path to the .jar files is (again, by default) C:\Program Files\AlteryxConnect\webapps\ROOT\WEB-INF\lib

You can search for struts, and then delete the files that contain the vulnerabilities.

After you delete them, you'll need to restart Connect.

Fully delete these files, then restart

Lisa LePome
Principal Support Engineer -- Knowledge Management Coach
Alteryx, Inc.

mcartwri · ‎03-10-2021

Thank you so much! This is a HUGE help. Very easy fix, never would have thought of it. Thanks again!

Alteryx Connect Discussions

Tenable detects Apache Struts CVE-2011-3923 on Connect install.