struts-user mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Apache Struts Vulnerability - CVE-2017-9791
Date Mon, 24 Jul 2017 07:23:00 GMT
2017-07-23 14:20 GMT+02:00 Chunduru, Krishnachaithanya
<Krishnachaithanya.Chunduru@broadridge.com>:

> Can someone please confirm if Apache 2.4.10 is vulnerable to the CVE-2017-9791.

I assume you meant 2.5.10 as there is no such version as 2.4.10. And
as stated in the description 2.5.x series isn't affected as it doesn't
ship with the Struts 1 plugin, only Struts 2.3.x can be affected.

http://struts.apache.org/docs/s2-048.html

> I tried checking in the MANIFEST.MF file, where the implementation version shows v.1.1.
> How to resolve this issue, can we upgrade the struts? Thank you.

Looks like you are running the previous version of Struts, version 1.1
which isn't affected by the vulnerability (but there are other
vulnerabilities which affect this version).


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
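
The check discussed in this thread, as an added example (not part of the original messages and not Apache Struts project code): it reads `Implementation-Version` from the `MANIFEST.MF` of each Struts jar inside a WAR and flags the Struts 1 plugin on 2.3.x. The jar name prefix `struts2-struts1-plugin`, the function names and the sample version strings are assumptions made for this illustration.

```python
import io
import zipfile

def manifest_attrs(jar_bytes):
    """Main-section attributes of META-INF/MANIFEST.MF ({} if the jar has no manifest)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if "META-INF/MANIFEST.MF" not in jar.namelist():
            return {}
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    attrs, key = {}, None
    for line in text.splitlines():
        if not line:                      # a blank line ends the main section
            break
        if line.startswith(" ") and key:  # wrapped value continues the previous attribute
            attrs[key] += line[1:]
        elif ":" in line:
            key, _, value = line.partition(":")
            attrs[key] = value.strip()
    return attrs

def scan_war(war_bytes):
    """Map each Struts jar in WEB-INF/lib to (Implementation-Version, verdict)."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            base = name.rsplit("/", 1)[-1]
            if not (name.startswith("WEB-INF/lib/") and base.endswith(".jar") and "struts" in base):
                continue
            version = manifest_attrs(war.read(name)).get("Implementation-Version", "unknown")
            if not base.startswith("struts2-struts1-plugin"):  # assumed Maven artifact name
                verdict = "not the Struts 1 plugin"
            elif version.startswith("2.3."):
                verdict = "Struts 1 plugin on 2.3.x: review against S2-048"
            else:
                verdict = "Struts 1 plugin, version needs manual review"
            findings[base] = (version, verdict)
    return findings

def sample_war(jars):
    """Constructed input: WAR bytes with one jar per {file name: Implementation-Version}."""
    def zipped(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as archive:
            for name, data in entries.items():
                archive.writestr(name, data)
        return buf.getvalue()
    return zipped({"WEB-INF/lib/" + n: zipped({"META-INF/MANIFEST.MF": f"Implementation-Version: {v}\r\n"})
                   for n, v in jars.items()})
```

On a real deployment, pass the bytes of the WAR file to `scan_war`; a repackaged or renamed jar will not match the name prefix, so treat an empty result as inconclusive.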
