Hello, I know that Struts1 and 2 are completely different code bases, but I was wondering if the technique used by the exploit described in the CVE and https://struts.apache.org/docs/s2-026.html could possibly apply to a Struts 1 deployment? There is no references to a ValueStack in the Struts 1 code, but is there an equivalent feature that could be vulnerable?
-Dave- ---------------------------------------------------------------------- Dave Gawron Architect, WebSphere Portlet Factory 978-899-2171 T/L 276-2171 dgaw...@us.ibm.com "Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." -- Antoine de Saint-Exupéry
