RE: CVE-2015-5209

2016-02-22 Thread Martin Gainty
(action|method):.*" https://struts.apache.org/docs/s2-026.html or upgrade to Struts 2.3.24.1 Good Question! Martin __ > Date: Mon, 22 Feb 2016 11:10:39 -0700 > Subject: CVE-2015-5209 > From: brentbark...@gmail.com > T

CVE-2015-5209

2016-02-22 Thread Brent Barker
Hi, We are upgrading Struts to patch a potential security hole (S2-026). I want to ensure the vulnerability no longer exists in our application after upgrading to v2.3.24.1. Would someone mind pointing me in the right direction to test the vul

Re: CVE-2015-5209

2015-10-06 Thread Sreekanth S. Nair
Struts1 is completely safe to use since no OGNL is involved, unfortunately people started misusing struts2 the way it's easy to use, and it's in a way to fix all the security holes found till now. -- Thanks & Regards Sreekanth S Nair Java Developer --- eGovernm

Re: CVE-2015-5209

2015-10-06 Thread Lukasz Lenart
2015-10-06 21:04 GMT+02:00 David Gawron : > Hello, > > I know that Struts1 and 2 are completely different code bases, but I was > wondering if the technique used by the exploit described in the CVE and > https://struts.apache.org/docs/s2-026.html could possibly apply to a > Struts 1 deployment? Th

Re: CVE-2015-5209

2015-10-06 Thread Dave Newton
Same as s2-025 from your earlier question. On Tue, Oct 6, 2015 at 3:05 PM, Dave Newton wrote: > Expressions aren't evaluated in S1; there is nothing like it I'm aware of. > > Dave > > > On Tue, Oct 6, 2015 at 3:04 PM, David Gawron wrote: > >> Hello, >> >> I know that Struts1 and 2 are completely

Re: CVE-2015-5209

2015-10-06 Thread Dave Newton
Expressions aren't evaluated in S1; there is nothing like it I'm aware of. Dave On Tue, Oct 6, 2015 at 3:04 PM, David Gawron wrote: > Hello, > > I know that Struts1 and 2 are completely different code bases, but I was > wondering if the technique used by the exploit described in the CVE and >

CVE-2015-5209

2015-10-06 Thread David Gawron
Hello, I know that Struts1 and 2 are completely different code bases, but I was wondering if the technique used by the exploit described in the CVE and https://struts.apache.org/docs/s2-026.html could possibly apply to a Struts 1 deployment? There are no references to a ValueStack in the Struts