Re: [OT] Dealing with an insecure Struts application on Tomcat

2023-10-19 Thread Christopher Schultz
Alan,

On 10/19/23 12:44, Alan F wrote:
> I am looking at security steps to mitigate issues with a 1.x Struts based app.

Is this from a "Struts 1 is vulnerable" perspective? Because -- on paper -- it is. Vulnerable that is. But that doesn't necessarily mean that your application is vulnerable.

Re: Question about releases available for download

2023-10-19 Thread Christopher Schultz
Jon,

On 10/19/23 11:33, Mcalexander, Jon J. wrote:
> Ding Ding Ding. Chris wins! Yes, that was the word.

https://www.youtube.com/watch?v=NtfVgzXTp7Q

-chris

-Original Message-
From: Christopher Schultz
Sent: Wednesday, October 18, 2023 9:42 PM
To: users@tomcat.apache.org
Subject: Re:

RE: Tomcat minor update

2023-10-19 Thread Aditya Shastri
That's interesting. The way I do the start.sh in my Catalina base is:

BASEDIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )/..
export CATALINA_BASE=$(realpath ${BASEDIR})
/opt/tomcat/tomcat-9/tomcat-9-latest/bin/startup.sh

I could just say $(realpath /opt/tomcat/tomcat-9/

Dealing with an insecure Struts application on Tomcat

2023-10-19 Thread Alan F
I am looking at security steps to mitigate issues with a 1.x Struts based app. I have recommended the following until an upgrade resource is available:

- Remove application from current shared datasource
- Remediate high risk CVE scored vulnerabilities (x4 with high EPSS rating)
- Reduce exposure to int

RE: Question about releases available for download

2023-10-19 Thread Mcalexander, Jon J.
Ding Ding Ding. Chris wins! Yes, that was the word.

Thanks,
Jon McAlexander