struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: CVE 2013-2251 not affecting Redhat shipped struts
Date Mon, 22 Feb 2016 07:21:12 GMT
Hi,

I don't know what version is shipped by RedHat but the mentioned CVE
affects only Struts 2, so if RedHat ships Struts 1 then it isn't
affected.


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2016-02-20 18:21 GMT+01:00 punter <p_saurabh92@rediffmail.com>:
>
> Hi,
> On running a security scan on my Struts project in Red hat reported CVE-2013-2251.&nbsp;This
was previously unidentified by another tool as Bugzilla reports that CVE-2013-2251 does not
affect Red hat shipped Struts.&nbsp;Link:&nbsp;https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2251But
I have installed Struts independently on Red hat as base Operating system .&nbsp;
> Can you please let me know if there any difference in Apache Struts installed over Red
hat and Struts as shipped with Red hat , since CVE 2013-2251 is not affecting the latter distribution.&nbsp;
>
> Thanks
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message