struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Newton <davelnew...@gmail.com>
Subject Re: Are S2-018 and S2-019 serious / remotely exploitable?
Date Wed, 18 Sep 2013 15:20:47 GMT
On Wed, Sep 18, 2013 at 11:09 AM, rgm <struts@rgm.nu> wrote:

> http://struts.apache.org/release/2.3.x/docs/s2-017.html


"Fixing" 19 is as simple as disabling dynamic method invocation.

I'm unclear on what 18 is; it looks like an extension of 16/17, and as
such, I'd do the upgrade--not that it's a major undertaking.

Dave

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message