Re: CVE-2019-0233 is Struts v1 vulnerable?

2020-08-21 Thread Dave Newton
You’d need to create a variation of one of the PoCs, you can likely search around for one. That said—I don’t see how S1 could be vulnerable since it’s a completely different mechanism. In general, no S2 vulnerabilities will apply to S1 *ever* unless it’s explicitly related to a dependent library—th

RE: CVE-2019-0233 is Struts v1 vulnerable?

2020-08-21 Thread Rayne Anderson
You are probably correct due to the different frameworks. If I do need to test Struts v1 where do I obtain the test instructions from? I could not find them when searching earlier. Regards, Rayne IBM Watson Financial Services 10925 David Taylor Drive Charlotte, NC 28262-1040, US MG82/202 (

RE: [ANN] [SECURITY] Announcing CVE-2019-0230 (Possible RCE) and CVE-2019-0233 (DoS) security issues

2020-08-21 Thread Oskar Frejd
@struts devs - Please remove the **RESERVED** state and update the details for CVE-2019-0230 at http://cve.mitre.org to make it available at NVD so tools like OWASP dependency-check can act on this vuln, as we and I guess many others are using the tools to be able to act as fast as possible. k

Re: CVE-2019-0233 is Struts v1 vulnerable?

2020-08-21 Thread Lukasz Lenart
Fri, 21 Aug 2020 at 11:30 Rayne Anderson wrote: > > I know that Apache Struts File upload CVE-2019-0233 applies to Struts v2. > Does the CVE apply to Struts v1.3.8? I would say no as these are totally different frameworks but we didn't test Struts 1.3.8 against this vulnerability as Struts 1

CVE-2019-0233 is Struts v1 vulnerable?

2020-08-21 Thread Rayne Anderson
I know that Apache Struts File upload CVE-2019-0233 applies to Struts v2. Does the CVE apply to Struts v1.3.8? If no one knows the answer I can find no explicit details of how to test for the vulnerability or what code changes were made in Struts 2. How do I obtain this information? I hav