On Tue, 4 Sep 2018 at 07:31, Akkina, Rahul Anand <rahul.anandakk...@bp.com> wrote:
>
> Hi Team,
>
> Greetings for the day!
>
> One of the applications (very old) which we host uses Struts 1.1 and to just
> add to guarantee we are not exposing any action path with URL pattern /*.
> Going by the details posted in the forums below, the vulnerability is specific to
> Struts 2 vulnerabilities.
>
> https://cwiki.apache.org/confluence/display/WW/S2-057
> https://semmle.com/news/apache-struts-CVE-2018-11776
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776
> https://lgtm.com/blog/apache_struts_CVE-2018-11776
>
> We do understand that Struts 1.x is no longer supported by the community and
> needs to be upgraded. Having said that, is our assertion on the effects of the
> vulnerability correct?

I would assume yes, but I cannot guarantee that as we do not perform any tests against Struts 1.

Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/