Am 08.09.2017 um 10:59 schrieb Billy Aung Myint: > Hi Everyone, > > May I know if Tomcat 7.x version is affected by the Apache Struts 2 > vulnerability? > I mean does Tomcat uses any of the Struts' libraries or such in any part of > the Tomcat? > > Thanks! > Tomcat is affected by Tomcat vulnerabilities, Struts is affected by Struts vulnerabilities.
If you deploy old and not uptodate Struts libraries in Tomcat, then you will be exposed to the corresponding exploits. In this case, as always and independent of the nature of the component: upgrade to the latest available version and or use other measure to block attacking requests. Markus --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
