Ok, so the only option is to go through each security bulletin and check
the provided Proof-of-Concept to see if it affects your application. And DMI
isn't a problem if used wisely.

https://cwiki.apache.org/confluence/display/WW/Security+Bulletins

2013/10/16 Sreekanth S. Nair <sreekanth.n...@egovernments.org>:
> Thanks Lukasz, the problem I'm facing now is that our product is too huge to do a
> migration and runs mainly on DMI. I'm unable to convince my top
> management about how bad the struts2 vulnerability is (since I don't know how to
> replicate the vulnerability). So I have no choice other than option 2.
>
> --
> Thanks & Regards
> Srikanth
> Software Developer
> --------------------------------
> eGovernments Foundations
> www.egovernments.org
> Mob : 9980078913
> --------------------------------
>
>
> On Wed, Oct 16, 2013 at 4:22 PM, Umesh Awasthi <umeshawas...@gmail.com> wrote:
>
>> I do not think that is possible.
>> You have 2 options
>>
>> 1. Upgrade your struts2 version.
>> 2. Go through security vulnerability and see what was there and create test
>> cases to see what exactly is happening and fix them by checking patches.
>>
>> But IMO, upgrading to latest version is much more flexible and less time
>> consuming than going through each and every vulnerability and applying
>> fixes for them.
>>
>>
>> On Wed, Oct 16, 2013 at 4:17 PM, Sreekanth S. Nair <
>> sreekanth.n...@egovernments.org> wrote:
>>
>> > Test Case to test the security vulnerability (major ones) in
>> > struts2-core-2.1.2.
>> >
>> >
>> >
>> > On Wed, Oct 16, 2013 at 4:15 PM, Lukasz Lenart <lukaszlen...@apache.org> wrote:
>> >
>> > > 2013/10/16 Sreekanth S. Nair <sreekanth.n...@egovernments.org>:
>> > > > One more doubt, is this security vulnerability able to bring down
>> > > > the server :-) ? If we authorize ourselves to apache, is it possible
>> > > > for the struts team to give us a test case to check the vulnerability?
>> > >
>> > > What do you mean by that? What test case do you refer to?
>> > >
>> > >
>> > > Regards
>> > > --
>> > > Łukasz
>> > > + 48 606 323 122 http://www.lenart.org.pl/
>> > >
>> > > ---------------------------------------------------------------------
>> > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> > > For additional commands, e-mail: user-h...@struts.apache.org
>> > >
>> > >
>> >
>>
>>
>>
>> --
>> With Regards
>> Umesh Awasthi
>> http://www.travellingrants.com/
>>
