struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Parthiban Palanisamy (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WW-4867) Apache Struts framework 1.1 and 2.x vulnerability clarification
Date Wed, 04 Oct 2017 11:27:00 GMT
Parthiban Palanisamy created WW-4867:
----------------------------------------

             Summary: Apache Struts framework 1.1 and 2.x vulnerability clarification
                 Key: WW-4867
                 URL: https://issues.apache.org/jira/browse/WW-4867
             Project: Struts 2
          Issue Type: Task
         Environment: apache Struts framework 1.1
            Reporter: Parthiban Palanisamy
            Priority: Blocker


Hello, 

I'm the active user of apache Struts framework 1.1 and 2.x. Recently we learned that there
is a vulnerability in Apache Struts' Jakarta Multipart parser as high risk. This may lead
to warning of remote code execution (RCE) attacks that were evident at Equifax which lead
to complete system compromises. So I would like to take your inputs and understand the recent
vulnerability over RCE is also affected 1.1/1.x versions precisely. 

If yes, could you please support with your thoughts over next course of action to resolve
the issue? 

Thanks and appreciate your support at the earliest. 

Regards,
Parthiban





--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message