httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chunduru, Krishnachaithanya" <Krishnachaithanya.Chund...@broadridge.com>
Subject RE: [users@httpd] Apache Struts Vulnerability - CVE-2017-9791
Date Sun, 23 Jul 2017 11:52:35 GMT
Thanks Luca. I will follow up with them.

Regards,
Krishna

From: Luca Toscano [mailto:toscano.luca@gmail.com]
Sent: Friday, July 21, 2017 10:25 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache Struts Vulnerability - CVE-2017-9791

Hi,

2017-07-21 18:35 GMT+02:00 Chunduru, Krishnachaithanya <Krishnachaithanya.Chunduru@broadridge.com<mailto:Krishnachaithanya.Chunduru@broadridge.com>>:
Hi All,

Can someone please confirm if Apache 2.4.10 is vulnerable to the CVE-2017-9791.
We came to know that Apache which is having Apache Struts version 2.3.x with Struts 1 plugin
and Struts 1 action is highly vulnerable . If exploited, this vulnerability would allow a
remote code execution attack.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9791 seems to be related to Apache
Struts only (that is a JEE framework) with no connection with httpd, so probably it would
be worth to follow up with the project's user email list in my opinion: https://struts.apache.org/mail.html

Luca


This message and any attachments are intended only for the use of the addressee and may contain
information that is privileged and confidential. If the reader of the message is not the intended
recipient or an authorized representative of the intended recipient, you are hereby notified
that any dissemination of this communication is strictly prohibited. If you have received
this communication in error, please notify us immediately by e-mail and delete the message
and any attachments from your system.
Mime
View raw message