struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Parthiban Palanisamy (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (WW-4867) Apache Struts framework 1.1 and 2.x vulnerability clarification
Date Wed, 04 Oct 2017 11:28:00 GMT

     [ https://issues.apache.org/jira/browse/WW-4867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Parthiban Palanisamy updated WW-4867:
-------------------------------------
    Issue Type: Temp  (was: Task)

> Apache Struts framework 1.1 and 2.x vulnerability clarification
> ---------------------------------------------------------------
>
>                 Key: WW-4867
>                 URL: https://issues.apache.org/jira/browse/WW-4867
>             Project: Struts 2
>          Issue Type: Temp
>         Environment: apache Struts framework 1.1
>            Reporter: Parthiban Palanisamy
>            Priority: Blocker
>              Labels: documentation
>
> Hello, 
> I'm the active user of apache Struts framework 1.1 and 2.x. Recently we learned that
there is a vulnerability in Apache Struts' Jakarta Multipart parser as high risk. This may
lead to warning of remote code execution (RCE) attacks that were evident at Equifax which
lead to complete system compromises. So I would like to take your inputs and understand the
recent vulnerability over RCE is also affected 1.1/1.x versions precisely. 
> If yes, could you please support with your thoughts over next course of action to resolve
the issue? 
> Thanks and appreciate your support at the earliest. 
> Regards,
> Parthiban



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message