RE: Struts zero-day vulnerability

2014-05-22 Thread Yoshida, Yutaka
...@apache.org] Sent: May 17, 2014: 2014 16:00 To: Struts Users Mailing List Subject: Re: Struts zero-day vulnerability We (Apache Struts) do not share the exact PoCs anymore to reduce risk of informing attackers how to use given vulnerability, you can find some examples over the internet - that's

Re: Struts zero-day vulnerability

2014-05-17 Thread Lukasz Lenart
-Original Message- > From: Lukasz Lenart [mailto:lukaszlen...@apache.org] > Sent: Monday, May 05, 2014 8:00 AM > To: Struts Users Mailing List > Subject: Re: Struts zero-day vulnerability > > Here you have more details [1] and just to point it out - Struts 1 reached > EOL [2] and

RE: Struts zero-day vulnerability

2014-05-16 Thread Deepak Subbanarasimha
- From: Lukasz Lenart [mailto:lukaszlen...@apache.org] Sent: Monday, May 05, 2014 8:00 AM To: Struts Users Mailing List Subject: Re: Struts zero-day vulnerability Here you have more details [1] and just to point it out - Struts 1 reached EOL [2] and no further development is expected! Consider

Re: Struts zero-day vulnerability

2014-05-05 Thread Lukasz Lenart
Here you have more details [1] and just to point it out - Struts 1 reached EOL [2] and no further development is expected! Consider migration to Struts2 or any other modern framework. [1] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U2d8va

Struts zero-day vulnerability

2014-05-05 Thread Deepak Subbanarasimha
Hello, We use struts version 1.2.2 and commons-file upload version 1.1.1. It is not clear from this notification if these versions are impacted. 1. Can anyone confirm if these versions are affected? 2. If they are affected, what can be done? Should we upgrade to Struts 2.x? The n