Re: Apache Struts Vulnerability - CVE-2017-9791

2017-07-24 Thread Lukasz Lenart
2017-07-24 10:57 GMT+02:00 Chunduru, Krishnachaithanya : > I was referring to the Apache Webserver 2.4.10 running in our environment. but you still need a Servlet container, e.g. Tomcat or Jetty or other to run a Struts based app. > Can you please let

RE: Apache Struts Vulnerability - CVE-2017-9791

2017-07-24 Thread Chunduru, Krishnachaithanya
: Monday, July 24, 2017 1:16 PM To: Struts Users Mailing List Subject: Re: Apache Struts Vulnerability - CVE-2017-9791 2017-07-24 9:36 GMT+02:00 Chunduru, Krishnachaithanya <krishnachaithanya.chund...@broadridge.com>: > I was referring to Apache version we have i.e., 2.4.10. There is no suc

Re: Apache Struts Vulnerability - CVE-2017-9791

2017-07-24 Thread Lukasz Lenart
2017-07-24 9:36 GMT+02:00 Chunduru, Krishnachaithanya : > I was referring to Apache version we have i.e., 2.4.10. There is no such version of Struts -> http://struts.apache.org/downloads.html Regards -- Ɓukasz + 48 606 323 122

RE: Apache Struts Vulnerability - CVE-2017-9791

2017-07-24 Thread Chunduru, Krishnachaithanya
Users Mailing List Subject: Re: Apache Struts Vulnerability - CVE-2017-9791 2017-07-23 14:20 GMT+02:00 Chunduru, Krishnachaithanya <krishnachaithanya.chund...@broadridge.com>: > Can someone please confirm if Apache 2.4.10 is vulnerable to the > CVE-2017-9791. I assume you

Re: Apache Struts Vulnerability - CVE-2017-9791

2017-07-24 Thread Lukasz Lenart
2017-07-23 14:20 GMT+02:00 Chunduru, Krishnachaithanya : > Can someone please confirm if Apache 2.4.10 is vulnerable to the > CVE-2017-9791. I assume you meant 2.5.10 as there is no such version as 2.4.10. And as stated in the description 2.5.x series