[jira] [Closed] (VELTOOLS-163) Apache Struts Vulnerabilities - Velocity Tool (2.0)

Sergiu Dumitriu (JIRA) Sun, 24 Jun 2018 06:14:05 -0700


     [ 
https://issues.apache.org/jira/browse/VELTOOLS-163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sergiu Dumitriu closed VELTOOLS-163.
------------------------------------
       Resolution: Duplicate
    Fix Version/s:     (was: 3.0)

> Apache Struts Vulnerabilities - Velocity Tool (2.0)
> ---------------------------------------------------
>
>                 Key: VELTOOLS-163
>                 URL: https://issues.apache.org/jira/browse/VELTOOLS-163
>             Project: Velocity Tools
>          Issue Type: Bug
>          Components: VelocityStruts
>            Reporter: Pankaj Singh
>            Assignee: Claude Brisson
>            Priority: Critical
>
> Velocity Tools version 2.0 uses struts 1.3.8 which has associated 
> vulnerabilities:
> Struts 1
> •     CVE-2014-0114 – 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114
> Strut 2
> •     CVE-2014-0113 – 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
> •     CVE-2014-0112 - 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
> •     CVE-2014-0094 - 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
> The desired remediation goal for all affected applications is to update the 
> respective Apache Struts component to version 2.3.16.3. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org
For additional commands, e-mail: dev-h...@velocity.apache.org

[jira] [Closed] (VELTOOLS-163) Apache Struts Vulnerabilities - Velocity Tool (2.0)

Reply via email to