[jira] [Closed] (STR-3222) Regarding Struts Vulnerability Remote Code Execution when deserializing XML payloads - CVE-2017-9805

Fazith (JIRA) Wed, 06 Sep 2017 22:37:21 -0700

     [ 
https://issues.apache.org/jira/browse/STR-3222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Fazith closed STR-3222.
-----------------------
    Resolution: Done

Got an update from Struts Security team that 1.2.x is not impacted by this 
Vulnerability.

> Regarding Struts Vulnerability Remote Code Execution when deserializing XML 
> payloads - CVE-2017-9805
> ----------------------------------------------------------------------------------------------------
>
>                 Key: STR-3222
>                 URL: https://issues.apache.org/jira/browse/STR-3222
>             Project: Struts 1
>          Issue Type: Bug
>            Reporter: Fazith
>
> Hi Struts Team,
> We have been advised by a struts vulnerability in the given link 
> (https://struts.apache.org/docs/s2-052.html) for Struts 2 versions.
> We would like to know if this have any impact to Struts 1.2.x versions as we 
> are having few legacy applications running in Struts 1.2.x versions.
> Thanks & Regards
> Fazith M



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Closed] (STR-3222) Regarding Struts Vulnerability Remote Code Execution when deserializing XML payloads - CVE-2017-9805

Reply via email to