We are upgrading Struts2 from 2.3.1 to 2.5.10.1 ; redirect making https:// to
http:// . The following errors in chrome and IE are seen while redirecting
from the popup to main window
redirecting popup (create user) --- main window (viewdashboard) - the URL
shows https:// to http://
Steps :
On 2017-03-25 12:11 (-0400), "upendar devu" wrote:
> We are upgrading Struts2 from 2.3.1 to 2.5.10.1 ; redirect making https://
> to http:// . The following errors in chrome and IE are seen while redirecting
> from the popup to main window
> redirecting popup (create
We setup google alert with query as "Apache Struts2 vulnerability CVE" but
somehow we didn't receive emails alerts on the below CVEs except that
alerted on CVE-2017-9805 only on Yesterday but these were exist quite few
days ago.
CVE-2017-9804
CVE-2017-9793
CVE-2017-9805
CVE-2017-7672
CVE-2017-978
Including Struts Security team
On Wed, Dec 6, 2017 at 12:06 PM, upendar devu
wrote:
> CVE-2017-15095 & CVE-2017-7525 -S2-054 & S2-055 has been fixed in the
> version 2.5.14.1
>
> We are using struts2 version 2.5.13. not using struts based REST plugin
> but using below j
CVE-2017-15095 & CVE-2017-7525 -S2-054 & S2-055 has been fixed in the
version 2.5.14.1
We are using struts2 version 2.5.13. not using struts based REST plugin
but using below jackson versions
I'm confused on the problem statements of these 2 CVEs reported , is this
impact for those using Struts
