2015-10-06 21:04 GMT+02:00 David Gawron <dgaw...@us.ibm.com>: > Hello, > > I know that Struts1 and 2 are completely different code bases, but I was > wondering if the technique used by the exploit described in the CVE and > https://struts.apache.org/docs/s2-026.html could possibly apply to a > Struts 1 deployment? There is no references to a ValueStack in the Struts > 1 code, but is there an equivalent feature that could be vulnerable?
Nope, as far I know :) Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
