struts-user mailing list archives

From "Akkina, Rahul Anand" <Rahul.Anandakk...@bp.com>
Subject Quick question on the patch for CVE-2018-11776
Date Tue, 04 Sep 2018 04:11:51 GMT
Hi Team,

Greetings for the day!

One of the applications (very old) which we host uses Struts 1.1 and to just add to guarantee
we are not exposing any action path with URL pattern /*. Going by the details posted in the forums below,
the vulnerability is specific to Struts 2 vulnerabilities.

https://cwiki.apache.org/confluence/display/WW/S2-057
https://semmle.com/news/apache-struts-CVE-2018-11776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776
https://lgtm.com/blog/apache_struts_CVE-2018-11776

We do understand that Struts 1.x is no longer supported by the community and needs to be upgraded.
Having said that, is our assertion on the effects of the vulnerability correct?

Thanks,
Rahul Anand Akkina


