struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Akkina, Rahul Anand" <>
Subject Quick question on the patch for CVE-2018-11776
Date Tue, 04 Sep 2018 04:11:51 GMT
Hi Team,

Greetings for the day !

One of the applications(very old) which we host uses struts 1.1 and to just add to guarantee
we are not exposing any action path with url pattern /* , Going by the details posted below
forums the vulnerability is specific to struts 2 vulnerabilities.

We do understand that struts 1.x is no longer supported by the community and needs to be upgraded.
Having said is our assertion on the affects of vulnerability correct ?

Rahul Anand Akkina

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message