struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: Java security issue vs. struts?
Date Wed, 16 Jan 2013 22:39:10 GMT

Hi Chris This issue came up on another apache users list I believe there was open access issue
to Remote Context Object by OGNL 
(but i think Lukasz or Dave addressed the issue)..emi..did you see this in Struts Jira? Bon
chance,
Martin 
______________________________________________ 
Note de déni et de confidentialitéCe message est confidentiel et peut être privilégié.
Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire
informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est
interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement
obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation,
nous ne pouvons accepter aucune responsabilité pour le contenu fourni.

 > Date: Wed, 16 Jan 2013 17:12:13 -0500
> From: emilu@encs.concordia.ca
> To: thechrispratt@gmail.com
> CC: user@struts.apache.org
> Subject: Re: Java security issue vs. struts?
> 
> On 01/16/2013 05:02 PM, Chris Pratt wrote:
> > I believe the description says it all.
> >
> > This Security Alert addresses security issues CVE-2013-0422 (US-CERT
> > Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability)
> > and another vulnerability affecting Java running in web browsers. *These
> > vulnerabilities are not applicable to Java running on servers,*
> > standalone Java desktop applications or embedded Java applications. They
> > also do not affect Oracle server-based software.
> >
> Thank you Chris. Moreover, if I call jfreechart to generate reports 
> through web applications, it will not be affected, I believe?
> 
> Emi
> 
> 
> 
> > On Wed, Jan 16, 2013 at 1:54 PM, Emi Lu <emilu@encs.concordia.ca
> > <mailto:emilu@encs.concordia.ca>> wrote:
> >
> >     Hello,
> >
> >     Does someone know how this java security issue related to struts
> >     framework?
> >
> >     http://www.oracle.com/__technetwork/topics/security/__alert-cve-2013-0422-1896849.__html
> >     <http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html>
> >
> >     Thanks a lot!
> >     Emi
> >
> >     ------------------------------__------------------------------__---------
> >     To unsubscribe, e-mail: user-unsubscribe@struts.__apache.org
> >     <mailto:user-unsubscribe@struts.apache.org>
> >     For additional commands, e-mail: user-help@struts.apache.org
> >     <mailto:user-help@struts.apache.org>
> >
> >
> 
> 
> -- 
> Emi Lu, ENCS, Concordia University, Montreal H3G 1M8
> emilu@encs.concordia.ca        +1 514 848-2424 x5884
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message