struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antonios Gkogkakis <gkogk...@tcd.ie>
Subject Re: Apple sec breach.. Struts?
Date Wed, 31 Jul 2013 13:10:23 GMT
Hi Vicky,

the .action by itself in the Urls is a good hint. Furthermore, if you check
the html source you'll probably find struts written somewhere e.g., dojodivs
Antonios


On 31 July 2013 14:04, vicky b <vickyb2084@gmail.com> wrote:

> I browsed through apple site  i could not find any clue that it was made in
> struts,  can you please let me know how did the hacker recognized that it
> was developed in struts, secondly how could he exactly hiek , sorry if this
> is out of scope for  this forum
>
>
> On Wed, Jul 31, 2013 at 6:08 PM, Frans Thamura <frans@meruvian.org> wrote:
>
> > Any apple guy here?
> >
> > I.just want to.know.how.struts.use there.
> >
> > I just know they use .action means struts apps.
> > On Jul 31, 2013 7:22 PM, "Christian Grobmeier" <grobmeier@gmail.com>
> > wrote:
> >
> > > I read that. I don't think we should do anything.
> > >
> > > The blog post is speculative. Nobody from Apple did tell us if it was
> > > really a Struts problem or not. If it is, then well, we can't do
> > > anything. This doesn't make Struts a dangerous framework at all, it
> > > just highlights you should update when your framework provider
> > > recommends it. It also highlights we are taking security issues
> > > serious.
> > >
> > > Also it should be mentioned that no company (to my knowledge) is in
> > > any way supporting the development of Struts. Apple got a lot of
> > > money, they could fund the development of the framework of their
> > > choice. At least they should be able to roll out new security patches.
> > >
> > > Maybe others think different, but except with continuing to improve
> > > struts, we cannot do anything bout it.
> > >
> > >
> > > On Wed, Jul 31, 2013 at 2:13 PM, Frans Thamura <frans@meruvian.org>
> > wrote:
> > > > Anyone read this?
> > > >
> > > > http://java.dzone.com/articles/was-struts-responsible-apples
> > > >
> > > > How we handle this?
> > > >
> > > > F
> > >
> > >
> > >
> > > --
> > > http://www.grobmeier.de
> > > https://www.timeandbill.de
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > > For additional commands, e-mail: user-help@struts.apache.org
> > >
> > >
> >
>
>
>
> --
> *Thanks & Regards
>  Vickyb
>
> *
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message