Re: Integrate Apache Shiro with Struts2

I've just uploaded a more advanced example of a struts - shiro application. https://github.com/tkofford/shiro-realm This one is essentially the same as the simple one I created earlier, except I am using a custom shiro realm and doing authentication &

Re: Apache Struts Vulnerability - CVE-2017-9791

2017-07-24 9:36 GMT+02:00 Chunduru, Krishnachaithanya : > I was referring to Apache version we have i.e., 2.4.10. There is no such version of Struts -> http://struts.apache.org/downloads.html Regards -- Łukasz + 48 606 323 122

RE: Apache Struts Vulnerability - CVE-2017-9791

Hi Lukasz, Thanks for the prompt response. I was referring to Apache version we have i.e., 2.4.10. I'm not sure how to check the struts version we are having. As you mentioned 2.5.x series is not affected where and how to check this version on server, I tried googling these issues but it

RE: Apache Struts Vulnerability - CVE-2017-9791

Sorry, I might have confused it. I was referring to the Apache Webserver 2.4.10 running in our environment. Can you please let me know how to check the current Struts version I'm using. Regards, Krishna -Original Message- From: Lukasz Lenart [mailto:lukaszlen...@apache.org] Sent:

Re: Apache Struts Vulnerability - CVE-2017-9791

2017-07-24 10:57 GMT+02:00 Chunduru, Krishnachaithanya : > I was referring to the Apache Webserver 2.4.10 running in our environment. but you still need a Servlet container, e.g. Tomcat or Jetty or other to run a Struts based app. > Can you please let

Re: Apache Struts Vulnerability - CVE-2017-9791

2017-07-23 14:20 GMT+02:00 Chunduru, Krishnachaithanya : > Can someone please confirm if Apache 2.4.10 is vulnerable to the > CVE-2017-9791. I assume you meant 2.5.10 as there is no such version as 2.4.10. And as stated in the description 2.5.x series