struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fazith (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (STR-3222) Regarding Struts Vulnerability Remote Code Execution when deserializing XML payloads - CVE-2017-9805
Date Thu, 07 Sep 2017 05:37:00 GMT

     [ https://issues.apache.org/jira/browse/STR-3222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Fazith closed STR-3222.
-----------------------
    Resolution: Done

Got an update from Struts Security team that 1.2.x is not impacted by this Vulnerability.

> Regarding Struts Vulnerability Remote Code Execution when deserializing XML payloads
- CVE-2017-9805
> ----------------------------------------------------------------------------------------------------
>
>                 Key: STR-3222
>                 URL: https://issues.apache.org/jira/browse/STR-3222
>             Project: Struts 1
>          Issue Type: Bug
>            Reporter: Fazith
>
> Hi Struts Team,
> We have been advised by a struts vulnerability in the given link (https://struts.apache.org/docs/s2-052.html)
for Struts 2 versions.
> We would like to know if this have any impact to Struts 1.2.x versions as we are having
few legacy applications running in Struts 1.2.x versions.
> Thanks & Regards
> Fazith M



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message