struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: CVE-2015-5209
Date Tue, 06 Oct 2015 19:06:34 GMT
2015-10-06 21:04 GMT+02:00 David Gawron <dgawron@us.ibm.com>:
> Hello,
>
> I know that Struts1 and 2 are completely different code bases, but I was
> wondering if the technique used by the exploit described in the CVE and
> https://struts.apache.org/docs/s2-026.html could possibly apply to a
> Struts 1 deployment?  There is no references to a ValueStack in the Struts
> 1 code, but is there an equivalent feature that could be vulnerable?

Nope, as far I know :)


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message