struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anu Krishna Rajamohan <araj...@ncsu.edu>
Subject Security Vulnerability for Struts 1.3.10 in Struts 2.x
Date Thu, 28 Apr 2016 22:34:38 GMT
Hi,

As Apache Struts 1.x is pretty old and it suffers from many security
vulnerabilities, I decided to use a recent version of Apache Struts 2.x
(Struts 2.3.24.1). However, I find that struts-core-1.3.10 jar is present
in struts 2.x. Can you please let me know if the presence of this jar makes
Struts 2.x vulnerable to security issues such as CVE-2012-1007
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007>.

Thanks and Best Regards,
Anu

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message